IT Pro Perspectives


Will IT Pros Rush to (or 

Windows 8? 

The final release of Windows 8 is only months away, and few would
argue that Windows 8 isn’t a monumental release for Microsoft.
The most prominent aspect of Windows 8 is the new Metro UI
design, which brings the slick, polished interface from the vastly underrated
Windows Phone platform to the desktop. Major hardware vendors
are prepping a new generation of touch-enabled devices, from desktops 
and laptops to new ultrabooks and tablets, to take advantage of Metro. 

The excitement surrounding the Windows 8 release as a consumer 
OS has been palpable, but many IT pros are lukewarm about the idea of 
bringing Windows 8 to the corporate desktop. Although Windows 7 has 
been an unqualified success for Microsoft, a large percentage of IT shops 
are still running Windows XP. Anemic IT budgets and legacy application 
compatibility problems are part of the issue. But several Windows IT Pro 
readers say that even XP is still “good enough” to do the job, despite 
Microsoft’s sometimes over-zealous attempts to push XP into the grave. 

I spoke to Charles King, principal analyst at Pund-IT, who suggested 
that Microsoft has three key obstacles with Windows 8 adoption in the 
enterprise. First is the closeness in release dates between Windows 7 and 
the upcoming OS. “Windows 7 was only released 2 years ago. From a 
business perspective, what is the value proposition to migrate to Windows 8
already?” King then mentioned that Windows 8 is designed to
take advantage of a new generation of hardware devices—such as tablets 
and touch-enabled PCs and laptops—that haven’t shipped yet in volume. 
“The demand for all of these devices [in the enterprise] is completely 
unknown. While many hardware vendors have great hopes for Windows 8,
it’s up in the air what the eventual desire for these devices will
be.” The final obstacle that King mentioned is a financial one. “The current
global economic situation generates uncertainty in businesses of all
sizes. When the economy gets uncertain or goes south, businesses lock
down spending and purchase only what they truly need. That’s partly
why a sizeable number of businesses are still using Windows XP.”

Microsoft recently touted some of the features of Windows 8 Enterprise,
including the “boot from a USB stick” capability of Windows To
Go, VDI enhancements, and updated Windows 8 app deployment and 
software assurance changes. Yet many of the other features mentioned in 
the post are largely carryovers from Windows 7—namely DirectAccess, 
BranchCache, and AppLocker. The most troubling feature for many IT 
pros is the Windows 8 Metro interface, which might remain the default
boot option for all Windows 8 clients, a concerning prospect.

“I can say without a doubt there’s no way we’ll roll out Windows 8 
as it exists right now,” Windows IT Pro reader Dwight L. recently told 
Paul Thurrott. “The fact that managing Win8 is essentially the same 
as managing Win7 doesn’t matter...the Windows 8 Metro UI is completely
unfamiliar, and for us would be a support nightmare.”

Microsoft hasn’t definitively said whether it will allow IT departments 
to force Windows 8 clients to boot directly to the traditional desktop 
interface rather than loading with the Metro UI option. Some Microsoft 
watchers (including Paul Thurrott) have learned that Microsoft is actively
removing OS elements that would make it possible to easily enable a
default desktop UI option on startup, so concerns about increased training
and support costs to help end users navigate the new UI are valid.

Several IT pros shared similar concerns on Twitter. @Fukawi2 told me,
“I’m only just starting Win7 transition. Not enough IT resources to manage
the transition or train users on the new (crap) UI.” @JField said, “I
deployed Win7 right away b/c my XP infrastructure cried out for an update. 
Win7 is still great, I can wait on this one...that said, I will definitely be 
installing it on my primary boxes. I want to tinker + I need to know it!” 

On which side of the Windows 8 adoption debate do you and your 
IT department fall? I’d love to hear your feedback, so drop me a message
on Twitter with your thoughts.
Letters


letters@windowsitpro.com 


Transend Documentation 

In regard to Russell Smith’s review of Transend Migrator, Transend
does provide white papers that are scenario-specific and that address
the various steps of migrating between specific systems. Now, we obviously
can’t cover each and every scenario. But we do offer instruction
for the most common scenarios, for both single-user migrations and
batch migrations. And we even provide a more detailed Technical Reference
Guide for the more popular migration scenarios as well. You
can find scenario-specific white papers on the Transend website.

—Josh Krefetz for Transend 


Although there are scenario-based white papers and Help files, as I 
mentioned in the original review, I do feel that they’re not particularly 
well written. Also, still missing in action is a white paper for migrating 
to Office 365, which is likely to be a scenario many customers will be 
interested in. Overall, I still feel that the documentation for Transend 
Migrator could be improved. 

—Russell Smith 


LDAP Over SSL 

I really enjoy reading Windows IT Pro, and I was particularly looking
forward to Jan De Clercq’s article “Use LDAP Over SSL to Lock
Down AD Traffic,” because we want to use this feature in our environment.
However, I found that the article was short on explaining
how non-Windows clients (e.g., Mac, Linux) will integrate with this
solution if they are to use LDAP over SSL (LDAPS). A reference about 
how other OSs integrate with Microsoft solutions would have been 
helpful. Mixed environments are often a necessity these days. Also, 
regarding the use of LDAPS on Windows clients: Aren’t those clients 
supposed to have a copy of the certificate used to encrypt the traffic? 
I didn’t see anything mentioned in the article about how the clients 
are supposed to use SSL for encryption. Can you clarify? 

—Ricardo Coto Oviedo 

Thank you for the positive feedback! The article is indeed focused 
on how to set up LDAPS from Windows clients to securely connect to 
Active Directory (AD). However, the principles for setting it up remain 
the same for both Windows and non-Windows clients. Regarding the 
operation of LDAPS, clients just need to “trust” the certificate issuer of 
the server’s LDAPS certificate—which means that the certificate issuer 
should be a trusted certificate authority (CA) in the client’s certificate 
store. For the rest, everything—including server authentication and the 
exchange of the encryption key—occurs automatically as part of the 
SSL exchanges between client and server. Remember also that a client-side
certificate isn’t required; it’s an option. Hope this helps!

—Jan De Clercq 
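
The trust requirement described in the reply above can be checked from a Windows client with a short script. This is an added example, not part of the original letter or article; the function name Test-LdapsTrust and the host name dc01.example.com are placeholders.

```powershell
# Added example; not from the original article or letters.
# Test-LdapsTrust and dc01.example.com are placeholder names.
function Test-LdapsTrust {
    param(
        [Parameter(Mandatory = $true, Position = 0)]
        [string]$Server,

        [int]$Port = 636   # standard LDAPS port
    )

    $result = New-Object PSObject -Property @{
        Server   = $Server
        Trusted  = $false
        Subject  = $null
        Issuer   = $null
        NotAfter = $null
        Error    = $null
    }

    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($Server, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        try {
            # No custom validation callback is supplied, so the handshake only
            # succeeds if the server certificate chains to a CA in this
            # client's trusted store, is within its validity period, and
            # carries a name that matches $Server. No client certificate is
            # presented, which matches the "optional" note in the reply.
            $ssl.AuthenticateAsClient($Server)

            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            $result.Trusted  = $true
            $result.Subject  = $cert.Subject
            $result.Issuer   = $cert.Issuer
            $result.NotAfter = $cert.NotAfter
        }
        finally {
            $ssl.Dispose()
        }
    }
    catch {
        # Covers both connection failures and certificate validation failures.
        $result.Error = $_.Exception.GetBaseException().Message
    }
    finally {
        $tcp.Close()
    }

    $result
}

# Trusted = False with a certificate error means the issuing CA is missing
# from this client's trusted store (or the name or dates do not match).
Test-LdapsTrust dc01.example.com | Format-List
```

On non-Windows clients the same requirement holds: the issuing CA's certificate has to be present in whatever trust store the LDAP client reads.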


Microsoft and the Dumbening of Technology 

I appreciate the humor of Paul Thurrott’s article “Microsoft and
the Dumbening of Technology.” In some sense, every generation of
technology is easier to use than the last. As technology advances, it
becomes more accessible to more people with less technical knowledge.
This is the natural order of things—to make the tools simpler
and more accessible to more people.

—C. Marc Wagner 
InstantDoc ID 143281 
Need to Know




Windows 8 
Release Preview 

By the time you read this, Microsoft will have shipped its
Windows 8 Release Preview, the final, publicly available prerelease
milestone for its next desktop OS. (I’ll be looking at
a corresponding Windows Server 2012 Release Candidate version—
don’t ask about the disparity in naming—next month.) I’d been using
several prerelease Preview builds of Windows 8—what I thought of,
none too imaginatively, as “Release Preview previews”—for about a
month before Microsoft finalized the set of Metro apps and capabilities
that it would deliver in this milestone. One thing I came away
impressed with was how much this release actually changed over that
month. Not the underlying platform capabilities so much—those were
finalized in early 2012, I was told—but rather the Metro-style apps that
form the most obvious, user-focused aspects of the Windows 8 experience.
This is a product that’s been shined, evaluated, and then shined
again, over and over in the weeks building up to this release.

As such, the Windows 8 Release Preview represents not just our 
clearest look yet at Microsoft’s new OS but rather a version that should 
be largely indistinguishable from that final release. If you’ve held off 
evaluating this admittedly confusing and multi-focused new Windows 
version for some reason, now’s the time to start. The Release Preview, 
for all intents and purposes, is Windows 8. 

With that in mind, there are two ways to approach this release. 
First, one might consider Windows 8 as a whole, ignoring past commentaries
and opinions and using the Release Preview as the sole
arbiter, for now at least, in deciding the merits of this OS. Or, one 
could simply list what’s changed since the Consumer Preview. Let’s 
split the difference. 
Considering Windows 8 as a Whole

Looked at from a mile high, Windows 8 is very clearly a monumental 
release for Microsoft and one that will determine whether Windows 
will be a major player in general computing going forward or just a 
player. Let’s be clear about where Microsoft has cast its lot: While 
some endlessly debate whether the Apple iPad and its Android- 
copycat-tablet ilk represent the computing mainstream of the future, 
Microsoft’s actions in Windows 8 prove that the company has no 
doubts about the future of tablets. Windows 8 is its first real push in 
that direction and, arguably, the first time Windows has started off in 
the underdog position since, oh, the early 1990s. 

Windows 8 features a new user experience and runtime environment 
called Metro that’s technically now the OS and was clearly designed for 
multi-touch tablets and other devices. Microsoft calls this experience 
“touch first,” while critics prefer the term “touch-centric.” No matter,
it’s also perfectly serviceable with traditional mouse and keyboard
interfaces. It provides full-screen apps that Microsoft says are “immersive,”
while power users will grouse, for good reason, that they’re limiting,
with only a passing nod to advanced multi-tasking features we’ve
all come to expect. (The fact that Metro-style apps take the “windows” 
out of Windows, so to speak, is difficult for some to comprehend.) 

Metro is new. It’s different, it’s scary for IT pros and tech enthusiasts,
and it’s only partially realized in Windows 8, to be honest. But
it’s the future, for better or worse. 

Of course, Microsoft is still Microsoft. And while there are absolutely
some bold bets in Windows 8, the company isn’t foolhardy
enough—or, shall we say, “Apple enough”—to throw out the baby 
with the bath water. So Windows 8 is still Windows. It still retains 
the desktop environment we’ve used since Windows 95, still runs all 
the same Win32-type desktop applications we all know and love, still 
utilizes the same driver models, and so on. 

The weirdness to Windows 8—and let’s be honest here, it is a weirdness—is
that these two seemingly unrelated user experiences—Metro
and the desktop—coexist, side by side. You sign in to Windows 8
and arrive at the new Metro-style Start screen (see Figure 1), an app
launcher with Windows Phone-like live tiles that replaces the application
launching functionality of the old Start menu (gone in this release)
and taskbar (which lives on in the desktop environment). Getting to
the desktop, which is treated conceptually as an app, works similarly
to any Metro-style app: You just click (or tap) its tile. The desktop
works largely as in Windows 7, but without a Start button. That bit of
extraneous UI has been replaced by a new, more consistent “Start tip,”
which works in both Metro and desktop environments and is part of
a series of Metro-style “edge UIs” that trigger other system-wide functions.
(Those using touch-less systems can utilize mouse-based “hot
corners” or keyboard shortcuts to achieve the same results.)



Figure 1: Start screen in Windows 8


What's Changed Since the Consumer Preview 

Two things have changed since the release of the Consumer Preview 
in very late February 2012. We’ve become far more accustomed to 
actually using Windows 8 and can make more educated comments 
about how it actually works. And Microsoft has refined the overall 
system for the Release Preview and, more important, significantly
overhauled the bundled apps—previously available in weak “app preview”
form—providing us with a far more complete view of this.

With regard to usage, it’s a mixed bag. And my earlier hypothesis 
that users of traditional PCs (i.e., virtually every PC currently in existence)
would stick to the more familiar, more desktop-like environment,
while those few with tablets (today, that is) would tend toward
the more immersive, full-screen world of Metro has been borne out. 
But the divide in users is a bit more nuanced than that. 

Microsoft’s decision to fuse Metro and the desktop into a single 
system might be controversial, but it has certainly opened up some 
interesting possibilities (see Figure 2). That is, while traditional PC 
users have indeed stuck to the desktop by and large, nothing is stopping
them from using the occasional Metro-style app or enjoying the
live updating capabilities of the new lock screen and Start screen.
Likewise, while tablet users will find the Metro experience more tailored
to their device type, the ability to drop into the desktop and use
a true Windows application like Microsoft Word or Adobe Photoshop
is unparalleled in the tablet world. These machines could truly be a
major leap forward compared to the iPad, which is limited by both its
unyielding single form factor and Apple’s relatively immature APIs. 
Windows-based tablets can do it all. 

Looking at the Release Preview specifically, we see changes across 
the board. The system-level changes are minor, and evolutionary, as 
they should be at this stage of development. Microsoft has cleaned up 
Explorer to more closely resemble the UI it previously provided in the 
Aero Basic theme—sorry, folks, it’s not Metro-like at all—and has made 
multi-monitor support smarter around Metro edge UIs and hot corners. 

Look at the apps, however, and things get very interesting. First, 
and most broadly, the apps are more intelligent and utilize more system
capabilities. That means that all of the major productivity apps—
Mail, Calendar, Internet Explorer, Messaging—now fully support the 
new Windows 8 notification system. Likewise, more of these bundled 
apps can participate in another new Windows 8 feature, the Share 
contract—think “copy and paste” on steroids—so you can now do 
such things as share a photo from the Photos app via email by using 
the Mail app, or share a web page from IE via Facebook or Twitter by 
using the People app. With the Release Preview, Windows 8 is suddenly
a nicely rounded system.

Apps are now color-coded differently, so that the app tile color is
used as the accent color in the app as well. Although my initial reaction
is that Microsoft should provide a way for users to customize
each app’s color—some will surely decry the use of teal or other colors
in, say, Mail—I think there’s a method to the madness: As you flip
between the running apps, the accent color gives you a quick visual 
cue about which app is which, aiding your memory and letting you 
multi-task a bit more efficiently. It’s just a theory. 

Looking at individual apps, you’ll find that virtually all of them
have been overhauled in some way. The Mail app has gotten a nice
visual refresh (see Figure 3), and more options bubble to the surface—well,
to the app’s app bar, anyway—in appropriate ways. For
example, you can pin individual email folders (such as your work
Inbox) to the Start screen and access them individually. (This “deep
linking” capability debuted previously in Windows Phone.) My only
complaint here is that there’s no drag-and-drop functionality at all: If
you want to move a message to a new folder, for example, you have
to use a Metro-style selection, then access the Move command from
the app bar. That’s not very efficient.

Figure 3: Mail in Windows 8

The Calendar app retains the three view styles we saw in the Consumer
Preview—Day, Week, Month—but picks up a much-needed,
Windows Phone-like way to determine which individual calendars 
are displayed from each calendar source (Microsoft Exchange/Office 
365, Microsoft Hotmail, Google Calendar). You can also determine 
which color is used to denote individual calendars. 

People, Windows 8’s contact management solution, has gotten a
major overhaul this time around and now works much like the excellent
People hub in Windows Phone. Its live tile animates a grid of
contact pictures, which is pleasant, and inside the app you’ll find
useful lists for People (a list of contacts, which can be filtered to
show only online contacts), What’s new (social networking updates
from your contacts, now nicely laid out), and Me, similar to the Me
app in Windows Phone, which displays your own social networking
updates, your (social networking) notifications, and posted photos.
The Windows 8 IM app, Messaging, works with both Windows Live 
and Facebook Chat and can now hold messages for later delivery if a 
contact is offline. 
Internet Explorer (IE) 10 has received a surprisingly major update,
with a new feature called Flip Ahead that examines a site’s paging 
structure and provides a way to easily move forward to the next “page” 
in a multi-page article. IE 10 also picks up a UI refresh, with a simpler 
app bar button structure and nicer in-place site search results. But 
the biggest change is that IE 10—get this—actually includes native 
Adobe Flash support. So much for embracing the standards-based 
web, Microsoft. 

All of the other apps we know from the Consumer Preview, including
Windows Reader, Finance, Bing Maps, Windows Store, Camera,
SkyDrive, Photos, Music, and Video, have been updated as well. And
surprisingly, Microsoft is shipping several new Metro-style apps in
the Windows 8 Release Preview, though they’re all very similar RSS-like
apps that resemble Finance.

The new News app provides a gorgeous and locale-specific take 
on, yes, the news, with sources such as The New York Times, Reuters, 
CNET, the Los Angeles Times, and more. The new Sports app provides
the same functionality—and look and feel—for sports, and it,
too, supports many locales as well as an auto-refresh mode to keep
the content up-to-date. Finally, there’s a new Travel app, too, though
I’m not quite clear on the point of it. It appears to offer basic information,
in a pretty layout and presentation, about a handful of locations.
In fact, it’s almost a tech demo: Look, developers, at how pretty your 
apps can be! 

The Final Analysis of Windows 8 Rests with You 

Put this all together, and you can now judge for yourself whether 
Windows 8 is the next Vista or the next Windows 7. I’m leaning 
toward the latter, but I can see why those who support Windows for 
a living are a bit more tentative. Windows 8 is a big leap. Your job 
is to determine if it’s a leap forward for your business or just a leap 
sideways.
In “Searching and Managing Active Directory Groups with PowerShell,”
I showed you a bunch of AD-related PowerShell commands related to
AD groups: new-adgroup creates groups, add-adgroupmember adds
accounts to a group, and get-adgroupmember retrieves user accounts that
are members of a given group. This month, I want to extend your ability
to use get-adgroupmember and I want to finish the column by showing
you how I used PowerShell’s Help to come up with a time-saving tip.

First, to round out your ability to manage groups, let’s apply what
you’ve learned in the past PowerShell articles. Once you know that
you can create a new group with new-adgroup, you won’t be surprised
to learn that you can delete a group with remove-adgroup:

remove-adgroup folks 

After you enter that command, PowerShell will ask you if you’re sure 
you want to zap that group, and that’s a good thing: Undeleting stuff 
in AD is a pain if you don’t yet have the AD Recycle Bin enabled. If, 
however, you’re very sure of yourself, you can always suppress the 
PowerShell confirmation question by adding -confirm:$false, as in

remove-adgroup folks -confirm:$false 
You can assume that there’s a remove-adgroupmember command, given
that you’ve already met add-adgroupmember. That’s a reason why you 
should stick with learning PowerShell: The first few commands are a 
bit complex and even initially non-intuitive, but once you grasp the 
PowerShell way of thinking, it gets a lot easier to use it—and quickly. 

Second, remember when I showed you that add-adgroupmember 
acts a bit unusually for PowerShell? As an example, I offered 

add-adgroupmember folks user2,user3 

which looks odd because PowerShell normally needs parameters with 
names, as in this alternative way to type that command: 

add-adgroupmember -identity folks -members user2,user3 

How did I know that I could skip -identity and -members? I took a close
look at PowerShell’s Help! By running get-help add-adgroupmember 
-full, you’ll find a huge pile of information. Yes, it’s tempting to just 
skip down to the examples, but take a moment to look at the text about 
the parameters. You’ll quickly deduce that you’re pretty much always 
going to need the -identity and -members parameters, so those are the 
ones to examine. The description for -identity partly looks like this: 

Required? true 
Position? 1 
Default value 

Those three items tell you a lot: You can’t call add-adgroupmember 
without -identity (Required? true), it doesn’t have a default value (no
value after Default value), and then there’s the most interesting of the 
three items, Position? 1. 

In the case of 99 percent of the PowerShell parameters, that line
says Position? named, meaning that you must use the parameter’s
name, such as -identity folks. The rare case wherein there’s a number
means that you can still use the parameter by name, but alternatively,
if you just type the value as the first word after the command,
PowerShell will treat it as if you’d typed -identity before it.
Continue along and look at the Help text for -members and you’ll see
Position? 2, which is how I knew that I could skip the parameter name
on that one, also. Positional parameters don’t appear often in the
AD tools, but they’re welcome gems when you do find them, so a
minute’s work in Help is often repaid.

Finally, some bad news: The user objects that get-adgroupmember
returns contain only about a dozen of each user’s attributes. Furthermore,
get-adgroupmember lacks a -searchbase option that would let
us tell it to return only users from some subset of the domain’s containers.
By expanding on techniques I’ve shown you before, though,
you can restore these functionalities to the cmdlet.

First problem: How do you retrieve the members of the group
folks and their lastlogondate? Well, get-adgroupmember folks gets
the members, but not their lastlogondate. We solved this problem for
search-adaccount, and it’ll work just as well for get-adgroupmember:

get-adgroupmember -r folks | get-aduser -properties lastlogondate 

In this case, I grabbed the (incomplete) user accounts, then used the
pipeline to retrieve those accounts again with get-aduser. Once get-aduser
was in play, I could employ -properties—very nice, and not too
inefficient, because dumping get-adgroupmember took only a short
time, and (since it probably returns a fairly small number of objects)
re-retrieving the accounts with get-aduser will usually be quite quick.
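
The same pipeline can be turned into a small membership review. This is an added example, not code from the original column; the function name Get-StaleGroupMember and the 90-day threshold are assumptions, and it needs the ActiveDirectory module.

```powershell
# Added example; not part of the original column.
# Assumptions: the ActiveDirectory module (RSAT) is installed, and
# Get-StaleGroupMember and the 90-day default are names/values chosen here.
Import-Module ActiveDirectory

function Get-StaleGroupMember {
    [CmdletBinding()]
    param(
        # Position 0 lets callers omit -Identity, as the AD cmdlets do.
        [Parameter(Mandatory = $true, Position = 0)]
        [string]$Identity,

        [int]$StaleDays = 90,

        # Follow nested groups, like get-adgroupmember -r in the column.
        [switch]$Recursive
    )

    $cutoff = (Get-Date).AddDays(-$StaleDays)

    # Step 1: list members. A group can also hold computers and, when not
    #         recursing, other groups; Get-ADUser raises an error for those,
    #         so only user objects are passed on.
    # Step 2: Get-ADGroupMember returns a minimal object, so each user is
    #         fetched again with the extra LastLogonDate attribute.
    # Step 3: keep accounts with no recorded logon or a logon before the cutoff.
    Get-ADGroupMember -Identity $Identity -Recursive:$Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        Get-ADUser -Properties LastLogonDate |
        Where-Object { -not $_.LastLogonDate -or $_.LastLogonDate -lt $cutoff } |
        Select-Object SamAccountName, Enabled, LastLogonDate, DistinguishedName
}

# Report stale direct members of the column's example group.
$stale = Get-StaleGroupMember folks -StaleDays 90
$stale | Sort-Object LastLogonDate | Format-Table -AutoSize

# Preview removing those members. -WhatIf only prints what would happen;
# drop it (and keep the confirmation prompt) to make the change.
foreach ($user in $stale) {
    Remove-ADGroupMember -Identity folks -Members $user.SamAccountName -WhatIf
}
```

LastLogonDate is derived from the replicated lastLogonTimestamp attribute, which can lag the real last logon by up to about two weeks, so pick a threshold comfortably larger than that.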

But what about the lack of -searchbase? How can I restrict my search
to, say, users in just one organizational unit (OU)? I’ll tackle that next
month, when I’ll show you once again that in the PowerShell world,
there’s usually more than one way to skin a cat!
SQL Server 2012 FAQs

Answers to the most frequently asked questions about 
SQL Server 2012 


Without a doubt, Microsoft SQL Server 2012 is one of the
biggest releases of SQL Server ever, and it definitely pushes 
SQL Server to a higher rung on the enterprise ladder. Like 
all new releases of a major server product, SQL Server 2012 contains 
many changes, enhancements, and new features. Anytime there are 
changes, there are also numerous questions. In this column, I’ll answer 
some of the top FAQs about SQL Server 2012. 

(1) What are the SQL Server 2012 editions?

SQL Server 2012 is available in three primary editions: Enterprise, 
Business Intelligence, and Standard. The Enterprise edition contains 
all of the features in the product. The Business Intelligence edition 
contains all of the BI capabilities but lacks some of the higher-end 
availability capabilities. The Standard edition provides basic relational, 
BI, and availability capabilities. Microsoft has discontinued the Datacenter,
Workgroup, and Standard for Small Business editions but will
continue to provide the Developer and Express editions. 
(2) What are the licensing changes with SQL Server 2012?

SQL Server 2012 has a new core-based licensing model. The Enterprise 
edition is licensed only per core, with a minimum of four core licenses. 
The Business Intelligence edition is licensed only per server. The 
Standard edition has the option of being licensed either per core (with a 
four-core minimum) or per server. There are also three versions of the 
free SQL Server Express edition. The Developer edition is also available; 
it’s licensed per developer and can’t be used for production work. 
(3) How does virtualization affect licensing?

You have two basic options for licensing virtualized SQL Server 2012 
instances. You can license SQL Server at the virtual machine (VM) 
level or you can license all the cores in the physical server. At the VM 
level, you can choose server licensing or core licensing, where a core 
essentially equates to a virtual CPU. If you choose per-core licensing, 
that four-core minimum still applies. Alternatively, if you’re planning 
to run several SQL Server VMs, you can license all the cores in the 
physical box with the Enterprise edition and Software Assurance (SA), 
which allows an unlimited number of SQL Server VMs. 

(4) Is it true that you can't move SQL Server VMs because
of the licensing? 

Yes, surprisingly, there are licensing limitations that restrict how 
often you can move a VM. If you don’t have SA, you can move a SQL 
Server system only once every 90 days—which certainly isn’t enough 
to keep up with Patch Tuesday. If your licenses are covered by SA, 
you can move your VMs as often as you like. SA is a requirement if 
you want to use SQL Server 2012 in a dynamic data center. 

(5) Is Business Intelligence Development Studio (BIDS)
gone? What development tools for BI projects are
available in SQL Server 2012?

BIDS has been replaced by SQL Server Data Tools. SSDT contains all 
the functionality of BIDS, plus it can be used for declarative database 
development as well as for developing SQLCLR projects. SSDT can be 
used with SQL Server 2012, SQL Server 2008 R2, SQL Server 2008, 
SQL Server 2005, and SQL Azure. 

(6) What is SQL Server AlwaysOn?

AlwaysOn Availability Groups is essentially the next evolution of database
mirroring. AlwaysOn Availability Groups leverages AlwaysOn
Failover Clustering, and it can protect multiple databases as a group.
AlwaysOn Availability Groups allows both synchronous and asynchronous
database replicas, as well as active replicas. For a more in-depth
look at AlwaysOn Availability Groups, you can refer to “Microsoft SQL
Server 2012: AlwaysOn Availability Groups Feature.”

(7) What is Power View? Does it replace Report Builder?

Power View picks up the idea that was first introduced with Report 
Builder—enabling powerful end-user reporting—but doesn’t replace
Report Builder, which is still present in SQL Server 2012. Power View 
is a graphical data navigation and visualization tool that’s designed to 
provide data insights by helping the user create reports over a BI 
Semantic Model. Power View reports can be embedded in your own 
applications, published to SharePoint, or included in PowerPoint 
presentations. Report Builder is still present in SQL Server 2012. 
(8) Is Hadoop a part of SQL Server 2012?

No. Hadoop is an open-source platform for processing unstructured
data. SQL Server 2012 offers connectors for Hadoop. Hadoop itself is 
implemented separately from SQL Server. 

(9) Did the LocalDB edition replace SQL Server Express?

LocalDB isn’t SQL Server Express, nor is it SQL Server Compact. 
LocalDB uses the same sqlservr.exe engine as the other editions of 
SQL Server, but it runs in user mode—not as a service. LocalDB is 
used for offline development by tools such as SSDT to ensure that the 
code you develop is 100-percent compatible with your production 
SQL Server database. 


(10) Where can I find out more about SQL Server 2012?

Get more information about the different editions and features of SQL 
Server 2012 from Microsoft’s MSDN website. To try out some of these 
features yourself, check out the SQL Server 2012 Virtual Labs.
The Strands of
Your Identity Web 

Understand the biggest components in your identity web 
and how they connect 
One of the challenges that identity professionals face is that
they rarely have to deal with just one identity system, such
as Active Directory (AD). No, there’s usually quite a collection
of systems that provide identity inside your company, and often
part of your job is to somehow tie all these systems together in some 
coherent manner for your applications to use. 

And that’s just for on-premises systems. With the dramatic increase 
in Software as a Service (SaaS) solutions, the number of applications
that need identity information has grown far faster than most IT
shops’ ability to securely provide it. A successful identity professional 
needs to be able to link multiple identity providers of different types 
with all these services or applications—think of spaghetti strands— 
to provide a web of identity. Once that web is constructed, you must 
keep the flow of identities around the web working; it’s a process a 
former colleague once described as “keeping the spaghetti wet.” This 
month, I thought I’d look at some of the biggest nodes in this identity 
web and where their spaghetti strands connect with one another. You 
might not have all these strands in your environment, but you certainly
must deal with most of them, and there are also some that you
should consider for your company’s future. 

Figure 1 shows these components and the typical data flows between
them. This figure isn’t intended to represent a production environment;
for example, the identity provider federation service wouldn’t have
inputs from both a virtual directory service (VDS) and AD, because the
point of a VDS is to minimize identity connections. The idea is that you
can look at each node and see what its typical inputs and outputs are.

Figure 1: Typical data flows in an identity web

Active Directory 

AD remains at the base of most companies’ identity infrastructures. 
It’s a ubiquitous identity source in the enterprise. Around the world, 
AD is installed in (or is the central directory for) over 75 percent 
of companies with more than 500 clients. And it’s slowly evolving 
to meet the needs of modern applications and services; Windows 
Server 2012 AD will support virtualization with no caveats, and it will 
introduce basic claims support. AD is the one application that any 
identity and access management (IAM) application must deal with, 
thanks to the sheer amount of investment in it and AD-integrated 
applications, not to mention its associated hardware, software, and 
process infrastructure. Add to that the widely held belief that identity 
should stay on premises, and you can see that a currently installed, 
on-premises AD implementation isn’t going anywhere in the foreseeable
future. AD is usually the source for a company’s unique
identities, such as security groups and computer accounts, but other 
objects (e.g., userIDs) and attributes (e.g., employee numbers) typically
come from an “upstream” HR system.

Other Identity Sources 

AD’s widespread use, however, doesn’t mean it’s the only identity 
source. HR systems are truly the most widely found identity stores in 
business; you can’t keep track of employees without one. Due to their 
sensitive nature, HR databases tend to be upstream of other identity 
stores and don’t commonly accept updates from them. Other identity
sources—such as physical security databases that contain unique
badge IDs or custom applications—might have their own unique 
identities with varying degrees of communication to an AD instance. 


Metadirectory Services 

Metadirectory services evolved as a way to aggregate objects and attributes
from a wide variety of identity sources into a comprehensive
metadirectory (sort of “one directory to rule them all,” if you don’t 
mind the Lord of the Rings analogy), which then updates these sources 
and other applications with the data they require. The value proposition 
of a metadirectory service is that when you use one, you can theoretically
put any attribute from one identity source into any other, or make
it available for any application. But that’s generally not a simple task 
to accomplish. Due to their cost of implementation and support, most 
metadirectories are found only in large enterprises. They fit right in the 
middle of the on-premises identity web, tying both identity sources and 
identity consumers together. 

As I discussed in my March column, “The Rise of Virtual Directory
Servers,” a VDS is another way to present an aggregate view of objects
and attributes from different identity sources. Instead of pulling identity
data on a scheduled basis from these sources into a single large
identity metadirectory, then pushing data out to a variety of locations in 
case it’s needed, a VDS creates a view into these identity sources. This 
view, which appears to the application as a single directory, is really 
an abstraction. (Whenever you see the word virtualization, you should
think “adding a layer of abstraction,” or “smoke and mirrors,” if you 
prefer.) When an application makes a query to this interface, the VDS 
makes queries in real time to the necessary identity sources (minus some 
sophisticated caching techniques) and returns the data to the application.
Because of the abstraction layer the VDS provides, the application
doesn’t need any fancy logic to determine to what source it needs to go 
to get attributes. VDS solutions are popular because they’re much simpler
and cheaper to deploy than metadirectory services; they fit into the
identity web between your company’s identity sources and applications 
that need to use those sources. 

Many companies have well-established web access management 
(WAM) systems that any new identity solutions must integrate with. 
WAM solutions provide authentication and authorization from one or 
more identity sources for both internal and externally facing web services.
The best-known use case is providing external access to a web
service that resides on a corporate firewall. These on-premises systems 
are tightly integrated with multiple identity sources and don’t commonly 
use newer technologies such as VDS to simplify their integration. 

Directory synchronization services have become a common solution
when there’s a need to duplicate identity data from an enterprise
identity store to a cloud service provider. A descendant of the metadirectory
server’s synchronization engine, a directory synchronization
service is a lightweight process installed on a server that monitors an 
identity store such as AD for changes and replicates those changes 
immediately up to its owning cloud service. 

Federation 

The last major component of the on-premises identity web as it stands 
today is the federation service. This service stands as the bridge
between shared-secret security protocols such as Kerberos (used in 
AD) and claims-based protocols such as Security Assertion Markup 
Language (SAML—used for claims-aware applications). A federation 
service transforms tokens between different security domains and is
an important piece of the web connecting you to cloud applications. 
In the identity web, federation services are connected to one or more 
identity sources and provide tokens to claims-aware applications on 
premises or to service providers in the cloud. 

But federation doesn’t necessarily have to be on your premises. You 
can outsource your federation service to an IDaaS provider, which
provides an intermediary that takes care of authentication and authorization
to a wide variety of SaaS applications. Most services will also
provide single sign-on (SSO) to service providers that don’t support 
federation through their own proprietary methods. 

Whether you work for an identity provider or a service provider 
depends on your viewpoint, of course. Although most of you probably 
support internal IT systems, a service provider that has a standalone 
identity store (e.g., separate accounts created on the service provider’s 
site) for the users of its service is also an identity provider. And an 
enterprise identity provider that makes an application available for its 
business-to-business (B2B) partners is also a service provider. 

If this situation weren’t already complicated enough, other identity 
providers are entering the identity mix as well. Many consumer sites 
use Facebook, Google, Twitter, Yahoo!, and others to provide SSO; in 
the future, these providers will see more use in the enterprise (e.g., to 
provide SSO for customer service portals). 

Look Forward 

It’s important to keep your existing systems running well, but it’s equally 
important to look forward. You need to position your identity web to take 
advantage of these new technologies where it makes business sense. 
And the business case is sometimes based on a combination of factors 
such as information security and savings to individual departments—for 
example, moving from grass-roots, departmentally managed accounts 
for SaaS providers to a centrally federated approach. ■ 
Answers to Your Questions


Q: What can you use the Notes field for in Microsoft Outlook forms?

A: Microsoft Outlook uses forms for inputting content into the
message store. A new email message, contact, task, or
appointment are all examples of Outlook forms. On several of these
forms, there’s an open field called Notes—which is not to be confused
with the form for Outlook Notes. The Notes field can be found
in Contacts, Calendar items, and Tasks.

In my experience, this field isn’t often used in companies. Perhaps
the other labeled fields provide all the necessary information
needed for the Outlook item being created or amended. In a few
cases, however, I’ve seen people use the Notes field, especially in
Contact items, as a form of contact management system with references
such as “Called on Dec 30, 2011. No Answer. Call back after
holidays.” One good use of this field I’ve seen is for recording a contact’s
Twitter address, because Outlook doesn’t currently provide
such a field.

I’ve used the Notes area for content that didn’t fit in the default
input fields for my own reference, but you can use it for many different
things. The Notes area supports text, images, clip art, SmartArt,
and shapes, including charts. In Figure 1, I copied some biographical
content from the web (in this case, from the Cycling Hall of Fame) as
additional information on the contact.

Figure 1: Using the Notes field for additional information on a contact

This is now stored within the Contact item in the message store 
for Outlook. You can also format text in the Notes area as you would 
in any basic text editor, including choosing the font, color, and size; 
highlighting text; inserting hyperlinks; and changing paragraph 
alignment. 

The Notes field is labeled Notes in Contacts but is just an open
space in Calendar items and Tasks. Still, the space can be utilized the
same. Figure 2 shows a meeting request with an image of the meeting
location. The Notes field obviously can be used to elaborate on the
description within the typical fields of the appointment.

The Notes field in these Outlook forms is indexed by Windows
Search. You can search Contacts, Tasks, or Calendar filtered for terms
you included in the Notes field. This increases the value substantially
as a tool for managing Outlook content. I have seen many users
unaware of the versatility of the Notes area, and many people will
find it useful to include content in the Notes field in support of Contacts,
Tasks, and Calendar items.
Figure 2: A meeting request with an image in the Notes field


—William Lefkovics 
InstantDoc ID 143050 


Q: What are the new keyboard shortcuts for Windows 8?

A: Users who like using keyboard shortcuts will find many
useful ones for Windows 8. Table 1 shows the new keyboard
shortcuts specific to Windows 8.

Table 1: Windows 8 Keyboard Shortcuts

| Key Combination | Windows 8 Functionality |
|---|---|
| Windows key+spacebar | Switches input language and keyboard layout |
| Windows key+O | Locks device orientation |
| Windows key+, | Temporarily peeks at the desktop |
| Windows key+V | Cycles through toasts |
| Windows key+Shift+V | Cycles through toasts in reverse order |
| Windows key+Enter | Launches Narrator |
| Windows key+PgUp | Moves Start screen or Metro style application to the monitor on the left |
| Windows key+PgDown | Moves Start screen or Metro style application to the monitor on the right |
| Windows key+Shift+. | Moves the gutter to the left (snaps an application) |
| Windows key+. | Moves the gutter to the right (snaps an application) |
| Windows key+C | Opens Charms bar |
| Windows key+I | Opens Settings charm |
| Windows key+K | Opens Device/Connect charm |
| Windows key+H | Opens Share charm |
| Windows key+Q | Opens Search pane |
| Windows key+W | Opens Settings Search app |
| Windows key+F | Opens File Search app |
| Windows key+Tab | Cycles through MoSh apps |
| Windows key+Shift+Tab | Cycles through MoSh apps in reverse order |
| Windows key+Ctrl+Tab | Cycles through MoSh apps and snaps them as they are cycled |
| Windows key+Z | Opens App Bar |
| Windows key+/ | Initiates input method editor (IME) reconversion |
| Windows key+J | Swaps foreground between the snapped and filled applications |

—John Savill
InstantDoc ID 143059

Q: I suspect an employee is doing some monkey business on his Windows-based work computer. Can I investigate the activity? Where do I begin?

A: Generally, yes, you have the ability to investigate work-related
activity on Windows-based computers at work. There’s a
key question you need to consider before you investigate: Do you
believe this “monkey business” involves a law being broken? If so,
you should contact law enforcement before you do any research or
investigation at all.

If you decide to move forward with your own investigation, the 
best place to begin is with an analysis of the behavior. For example, 
if you believe web surfing is involved, consider monitoring the user’s 
web activity from the proxy or router or deploying a Group Policy that 
configures Microsoft Internet Explorer (IE) to retain logs. If the user 
might be accessing data outside his or her defined role, auditing and 
network logging on the client and server are easy to set up through 
Group Policy and will quickly reveal the truth. 

One of the biggest investigation targets I see is based on complaints
of users wasting time on personal websites, games, and
other non-work activities. My suggestion here is generally to have
a discussion with the employee before monitoring his or her activities.
More often than not, the behavior stops with a strongly worded
caution.

—Avril Salter, Mike Danseglio 
InstantDoc ID 142431 
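
The auditing route mentioned in the answer above produces Security-log events that still have to be reduced to something readable. The PowerShell below is an added example, not part of the original answer: it assumes file-system auditing is already enabled and summarizes object-access events (event ID 4663) per user and file; the function name and the three sample events are constructed for illustration.

```powershell
# Added example: summarise file-access audit events (Security log, event ID 4663).
# Event 4663 is logged only when the "Audit File System" subcategory is enabled
# and the file or folder carries an auditing entry (SACL).

# File access-right bits that can appear in the event's AccessMask field.
$AccessRights = @{
    0x1     = 'ReadData'
    0x2     = 'WriteData'
    0x4     = 'AppendData'
    0x10000 = 'Delete'
}

function ConvertFrom-FileAuditXml {
    param([Parameter(Mandatory = $true)][string[]]$EventXml)

    foreach ($raw in $EventXml) {
        $evt = [xml]$raw

        # Flatten <Data Name="...">value</Data> elements into a lookup table.
        $field = @{}
        foreach ($d in $evt.Event.EventData.Data) { $field[$d.Name] = $d.'#text' }

        # AccessMask is a hex string such as 0x10000; decode the bits we know.
        $mask   = [Convert]::ToInt32($field['AccessMask'], 16)
        $rights = foreach ($bit in ($AccessRights.Keys | Sort-Object)) {
            if ($mask -band $bit) { $AccessRights[$bit] }
        }

        [pscustomobject]@{
            Time    = [datetime]$evt.Event.System.TimeCreated.SystemTime
            User    = $field['SubjectUserName']
            File    = $field['ObjectName']
            Process = $field['ProcessName']
            Rights  = $rights -join ','
        }
    }
}

# Constructed sample events (trimmed to the fields used above), not real log data.
$sampleEvents = @(
@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4663</EventID><TimeCreated SystemTime="2012-05-14T09:12:03.000Z" /></System>
  <EventData>
    <Data Name="SubjectUserName">jdoe</Data>
    <Data Name="ObjectName">D:\Shares\Finance\forecast.xlsx</Data>
    <Data Name="ProcessName">C:\Windows\explorer.exe</Data>
    <Data Name="AccessMask">0x1</Data>
  </EventData>
</Event>
'@,
@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4663</EventID><TimeCreated SystemTime="2012-05-14T09:40:51.000Z" /></System>
  <EventData>
    <Data Name="SubjectUserName">jdoe</Data>
    <Data Name="ObjectName">D:\Shares\Finance\forecast.xlsx</Data>
    <Data Name="ProcessName">C:\Windows\explorer.exe</Data>
    <Data Name="AccessMask">0x1</Data>
  </EventData>
</Event>
'@,
@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4663</EventID><TimeCreated SystemTime="2012-05-14T10:02:17.000Z" /></System>
  <EventData>
    <Data Name="SubjectUserName">asmith</Data>
    <Data Name="ObjectName">D:\Shares\HR\reviews.docx</Data>
    <Data Name="ProcessName">C:\Windows\System32\cmd.exe</Data>
    <Data Name="AccessMask">0x10000</Data>
  </EventData>
</Event>
'@
)

$events = ConvertFrom-FileAuditXml -EventXml $sampleEvents

# Who touched which file, most frequent first.
$events | Group-Object User, File | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Against a live log (elevated prompt), feed the same function from Get-WinEvent:
# $xml = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } |
#            ForEach-Object { $_.ToXml() }
# ConvertFrom-FileAuditXml -EventXml $xml
```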

Q: How can I change the number of concurrent users who can perform remote operations using WS-Management on a computer?

A: Typically, a computer allows five concurrent users who
can perform remote operations using Web Services for Management
(WS-Management). This includes users running remote
Windows PowerShell. To change the number of users to any number
between 1 and 100, use the following command:

Set-Item WSMan:\localhost\Shell\MaxConcurrentUsers 25

where 25 is the user number. To check the current value, use the following
command:

Get-Item WSMan:\localhost\Shell\MaxConcurrentUsers


—John Savill 
InstantDoc ID 142720 


Q: Can I use the Windows Time service for applications that require accuracy within a second?

A: The Windows Time service that is part of the Windows OS
is designed to ensure systems are time-synchronized enough
for Kerberos authentication to work, and for basic time synchronization
as outlined at the Microsoft Support article “Support boundary
to configure the Windows Time service for high accuracy environments.”
This time synchronization doesn’t ensure time is synchronized
within a couple of seconds, which some applications require,
and is therefore not suitable for them. If you require synchronization
within a second or two, then you should use third-party time synchronization
solutions such as those listed at the National Institute of
Standards and Technology (NIST) site.

—John Savill 
InstantDoc ID 142784 

Q: Because I’m using a Citrix solution, do I need a Remote Desktop Services Client Access License?

A: A Remote Desktop Services (RDS) Client Access License (CAL)
is needed whenever any component of the Remote Desktop
Service (or formerly, Terminal Services) role is used. This could be an
actual Remote Desktop Session Host (via Terminal Server), it could be
RemoteFX running on Hyper-V attached to a virtual machine (VM),
the RD Connection Broker, or any component. The two main Citrix
solutions I want to focus on are XenApp and XenDesktop.

XenApp is a session virtualization technology that delivers either a 
desktop or just an application that’s running on a remote server OS. 
Because XenApp is built on RDS, the RDS CAL is required for every 
device or user that uses XenApp. 

XenDesktop is Citrix’s Virtual Desktop Infrastructure (VDI) solution
that uses pure Citrix components. No RDS role services are used,
which means that for a pure XenDesktop solution, the RDS CAL isn’t 
required. But there is a caveat. While XenDesktop doesn’t require the 
RDS CAL, it’s very common that XenDesktop deployments also use 
XenApp to deliver applications to the VDI desktops. If the XenApp 
capability is used with XenDesktop, then the RDS CAL is required. 

—John Savill 
InstantDoc ID 142995 

Q: How can VMware Player be useful for employee VPN connections?

A: Depending on which remote-connection solution you use,
working from outside the office can be a pain. Many VPN solutions
cut off connectivity to local network resources as soon as a VPN
connection is established. With others, the multistep process to make
the connection and ultimately find the on-the-LAN resources you’re
seeking gets cumbersome. One inexpensive solution that can aid users
outside the network gets an assist from the no-cost VMware Player.

Here’s how it works: Create a template virtual machine (VM) using 
either VMware Player or VMware Workstation. Include in this VM any 
software and scripts that set up your VPN connection. When ready, 
power down the VM and make it available for users to download. 
By creating and distributing preconfigured VMs that are equipped 
to automate the VPN connection process, you can deliver to users a 
ready-to-go desktop for remote situations. Because this desktop exists 
as a separate VM, its VPN connection won’t necessarily disable connections
from the user’s primary desktop. Better still, by having users
connect via a preconfigured VM, you retain better control over the OS 
instances that connect into your internal network. 

—Greg Shields 
InstantDoc ID 141911 


Q: How can I see the dependencies of a management pack?

A: Many management packs have dependencies on other
management packs. An easy way to check is to download
the MPViewer from the MSDN blog of Boris Yanushpolsky. After you
install it, select a management pack and it will show full information
including any dependencies (see Figure 3). ■


—John Savill 
InstantDoc ID 143055 
Bring your own device—but seci



You’ve probably sat in a meeting with your CIO or CFO and
heard about the business benefits of the “Consumerization of 
IT.” Advocates for this practice, also known as Bring Your Own 
Device (BYOD), say that workers are more productive when using 
devices with which they’re more comfortable. Proponents also say 
that real cost savings can result from allowing users to connect their 
own devices to the corporate network, by eliminating the need to buy 
cell phones and tablets for each user and by reducing calls to IT Help 
desks as people use familiar devices. Managers might believe that 
employees who use their own personal devices to connect to corporate
email systems, websites, and document management systems
are more likely to be available outside of normal business hours and 
thus to work more than their colleagues. Even your HR department 
might be a proponent of BYOD because it helps to attract and keep 
younger talent fresh out of college. It might cite studies and reports 
that younger employees expect to work where and when they want,
with the tools and devices with which they feel most comfortable. 

Similar to BYOD is shared ownership of devices, in which employees
are given a budget to buy a cell phone or tablet of their own
choosing for work purposes but can also use it as a personal device. 
Emerging evidence indicates that shared ownership results in fewer 
lost and broken devices because employees are more likely to take 
care of these items, especially when they do double duty as primary 
personal devices. However, for all the potential benefits, there are 
certainly pitfalls and issues that enterprises of all sizes must consider
before openly accepting and promoting BYOD. In fact, there is a
strong chance that some employees in your organization are practicing
BYOD surreptitiously and potentially in violation of policy. Such
folks might already have connected their personal cell phones and 
tablets to your enterprise systems, placing the enterprise at risk. 

Risks of BYOD 

Over the past few years, organizations have gone to extraordinary 
lengths to ring-fence and defend their most valuable data assets against 
loss or theft. This effort is due in part to an explosion of concerns 
about privacy, the passing of data-breach notification laws, and corporate
espionage. Many organizations have invested heavily in Data Loss
Prevention (DLP) technologies and regularly review who has access to 
data, when they access that data, and for what reason. Unfortunately, 
BYOD-related activity can quickly render DLP solutions and access 
reviews useless, and organizations can find out far too late that they 
have suffered a data breach. 

Consider the Apple iPad, which increasingly turns up in conference
rooms and meetings, regardless of whether BYOD is sanctioned
or whether your organization has a policy to manage the use of 
personal devices. A user might open a document attached to an 
email message that was sent to a corporate email account or might 
download a document from a Microsoft SharePoint site, and then 
use Apple iWork Pages to open that document for use in a meeting.
The iPad automatically syncs the document to Apple’s iCloud, and 
the document is then available from every iOS device that the user 
owns, including iPhone and iPod touch devices (and soon, Macintosh
computers). The document is available from the iCloud website
when the user logs on from any PC or Mac. If the document contains 
any personally identifiable information or other sensitive data (e.g., 
unreleased financial data) and if the user loses an iCloud-connected 
device or if the user’s iCloud credentials are compromised, your organization
might need to notify authorities, partners, and customers.
Just the fact that the document is no longer under your organization’s
control could be grounds for breach notification.

The problem isn’t unique to Apple mobile devices. Employees with 
Windows Phones, Android tablets and phones, and other devices can 
pose similar risks by using these devices to access enterprise data, 
especially if their use isn’t managed and monitored. 

A common concern across all devices is whether user data that 
is stored on the device, including data downloaded from enterprise 
email and document management systems, is encrypted to help prevent
access by unauthorized individuals. Other concerns are whether
the device includes a removable media card, such as a Micro SD card 
(some of which can store as much as 64GB); whether data can be 
stored on the cards; and whether the card is encrypted and paired to 
the mobile device so that it can’t be inserted into another device and 
its contents accessed. 

Another issue that must be considered is how to disable and wipe 
devices that are lost or stolen or that belong to employees who quit or 
are terminated, especially if those devices contain sensitive data. 

Other risks can come with BYOD-related activity, and more will 
likely emerge over time as these devices become more powerful or are 
updated to new software releases with new features. The only way to 
manage risk is to establish a BYOD policy, put it in place with appropriate
controls, and monitor it.

Creating a BYOD Policy 

I recommend that all organizations, even those that don’t intend to 
allow employees to use their own devices to access enterprise systems
and data, create a BYOD policy. I’ll be candid: Despite your best
efforts, you’re highly unlikely to prevent employees from using their 
own devices. Accept that fact, allow employees to use their devices, 
and take appropriate steps to manage the risk. 

What should your BYOD policy consist of? Consider the audience 
for the policy. Few end users of IT services—your employees—are 
likely aware of your organization’s policy, even if they’re required 
to acknowledge and adhere to it. What employees know about what
they may do with corporate assets—including computers, email
systems, and data—they usually get from awareness training, colleagues,
and their own sense of propriety. A policy is typically used
only by managers, lawyers, and HR staff when dealing with compliance
obligations, data breaches, and gross violations of policy. For
this reason, I recommend that your BYOD policy be high-level and 
provide general guidelines rather than specific details. 

For example, the policy might state that only approved devices (as 
determined by the IT department) can be used to access corporate 
systems and networks that contain certain categories of data (as authorized
by the legal department). The policy might also state that the
organization reserves the right to manage the devices remotely, including
wiping and inspecting them. This last part is extremely important,
and you should have your legal department review the terms. Without 
a policy statement that says the organization can manage employees’ 
personal devices when they are connected to the corporate network 
or used to access corporate information, your organization might find 
itself in court defending its actions after remotely wiping a terminated 
employee’s cell phone, which contained holiday pictures along with 
confidential corporate information! 

After putting the high-level policy in place and making your employees
aware of it, the next steps are to determine which systems
and data your employees are allowed to access from their personal
devices and which device makes and models employees can use. 
Separating these details from the actual policy and placing them into 
standards and guidelines allow you to update them later, without 
the approvals that are usually necessary for a change in policy. Standards
and guidelines are usually written without the legal language
of policies, making them more understandable and more likely to be 
adhered to. 

Determining Accessible Systems and Data 

Rushing into a definition of which personal devices can be used is 
tempting. But first, consider the systems and data that can be accessed.
When you perform a risk assessment, you focus on the asset
value (usually the collected, held, and processed data) in determining 
security controls. In the same way, you need to start with the systems 
and data to determine which security features the accessing devices 
must support. 

Try to avoid the rush judgment that some systems and data (e.g., 
email systems) are safe to access from personal devices. Email might 
be the most commonly used means of distributing information between 
employees, and most of it might seem routine. But it can be used to 
convey highly sensitive information, such as personnel matters, financial
information, and customer details. Any of these pieces of information
might require your company to follow breach-notification rules if
a device containing them is lost or stolen. 

The simplest approach is to turn to your asset classification policy, 
assuming you have one. Most organizations define levels of classification—such
as Low, Medium, or High Impact—arising from the loss,
disclosure, or destruction of the asset. Low Impact data is typically 
public information, such as online sales systems, published price 
lists, parts databases, and the like. Medium Impact data usually includes
project planning schedules and reports, sales forecasts and reports,
most non-routine email messages, and source code to in-house
developed line of business (LoB) applications. High Impact data is
typically regulated data or data that, if lost, would result in significant
loss to the organization. Examples of High Impact data include
personally identifiable information about employees and customers, 
protected healthcare information, confidential product plans, and 
revenue projections and forecasts for publicly traded companies. 

A decision to permit access from personal devices to Low Impact 
data and the systems that process it is probably acceptable. Access 
to Medium Impact data, which would include email, can be more 
problematic. Still, with the right access-control features on personal 
devices, access to some or all of this data might be acceptable. This 
is especially true if you use other technologies, such as Secure MIME 
(S/MIME) encryption or Active Directory Rights Management Services
(AD RMS) and Information Rights Management (IRM), to protect
sensitive email in the environment. You likely won’t want to
permit access from personal devices to High Impact data. For executives
and other employees with a need to access this type of data from
phones and tablets, consider issuing devices that are locked down to 
meet the most stringent requirements. 

Defining BYOD Standards 

When you have a list of data that you’re willing to permit employees 
to access from personal devices as well as the systems that host or 
process that data, you next need to define device standards. Device 
standards are simply the software, features, and controls that must 
be present on personal devices to access enterprise data. In defining
these standards, look at the standards that you have in place for
the existing systems and networks that host and process the data. 
These standards should be met or exceeded on the devices that 
your employees will use. Focus on areas such as identity and access 
management, encryption of data at rest and in transit, encryption 
algorithms and key lengths, endpoint security, data loss prevention, 
and so on. 
Of increasing concern is the ability to keep the software on mobile
endpoints current. Recent research has shown that many devices, 
especially those shipped by mobile phone operators (often as part 
of a one- or two-year service contract), aren’t updated to address 
known vulnerabilities. Even when updates are available, evidence 
strongly suggests that device owners and users are unaware of the 
availability of updates or of how to apply them. When considering 
device standards, you need to be aware of the software revisions that 
are available for the multitude of devices (e.g., the various versions 
of the Android OS, tailored for each handset and tablet manufacturer) 
and the vulnerabilities in each. This knowledge will help you define 
minimum acceptable software versions that must be in place. 

Although your focus should be on features and controls that must
be in place to allow a particular device to access enterprise resources,
you can’t ignore how owners and users of these devices will use them
away from work. For example, which applications will the user install,
and will those apps have access to your corporate data? A typical
example is an application downloaded from an online app store
supported by the device manufacturer. What if the app has access
to contact lists on the device and a contact list is synchronized with
your corporate email system—which contains the names, addresses,
and other personally identifiable information of your employees and
even some customers? You must consider how to restrict access to
that data to approved applications only, and what to do if a device
doesn’t support this feature. You might need to prevent employees
from installing some or even all applications on their personal devices,
or permit them to install applications on a pre-approved list.
If employees are allowed to install applications on their personal devices,
then consider a means to ensure that those apps are updated
with releases that address discovered vulnerabilities.

When you have identified the features and controls (i.e., standards)
that must be in place on devices, the next step is to identify the devices
that support those standards. This step isn’t as easy as you
might hope, given the multitude of devices and software versions in
existence. You typically need to visit each manufacturer website and
spend time looking for details for each device. Some manufacturers,
such as Apple, provide enterprise and business features and integration
information (see Apple’s business webpage); others don’t.

Managing Devices 

After you have created your policy, identified the data and systems
that can be accessed by personal devices, and identified which devices
can connect to your enterprise network, you need to find a way
to manage those devices to ensure that the policy is adhered to and
standards met. You also need to ensure that you can track the use of
personal devices to access enterprise resources and data. And you
need the ability to remove data or decommission lost or stolen devices,
as well as devices that belong to employees separated from the
company. This is often the most challenging aspect of implementing
a BYOD policy.

The good news is that if you have Microsoft Exchange 2010 and you
choose to allow devices to connect to your email system, you have a
rudimentary management toolset that can allow, deny, or quarantine
devices; allow connections to corporate networks and systems based
on basic characteristics such as strong password or device encryption
capabilities; and apply policies to enable each. The bad news is
that this toolset requires devices to be honest when reporting device
characteristics and capabilities and to actually enforce the policies
that are pushed down. In the past, some devices that were purported
to have these characteristics and capabilities didn’t. Hackers can also
take the protocols that the Microsoft Exchange ActiveSync (EAS) service
uses to manage devices, and mock up devices that don’t honor
policies and can be used to extract data from your organization.
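
The allow, deny, and quarantine controls and the password and encryption policy described above, shown as an added example for the Exchange Management Shell (it is not part of the original article). The policy name, mailbox alias, device model, device ID, and notification address are placeholders.

```powershell
# Added example for the Exchange 2010 Management Shell.
# All names, addresses, and IDs below are placeholders.

# 1. Hold unknown devices in quarantine instead of the default (Allow),
#    and notify the mobile admins when a new device appears.
Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Quarantine `
    -AdminMailRecipients 'mobile-admins@example.com'

# 2. Baseline policy: password, device encryption, and no devices that
#    cannot apply every policy setting (non-provisionable devices).
New-ActiveSyncMailboxPolicy -Name 'BYOD-Baseline' `
    -DevicePasswordEnabled $true `
    -AlphanumericDevicePasswordRequired $true `
    -MinDevicePasswordLength 6 `
    -MaxDevicePasswordFailedAttempts 8 `
    -MaxInactivityTimeDeviceLock '00:05:00' `
    -RequireDeviceEncryption $true `
    -AllowNonProvisionableDevices $false

# 3. Assign the policy to a BYOD user.
Set-CASMailbox -Identity 'jsmith' -ActiveSyncMailboxPolicy 'BYOD-Baseline'

# 4. Pre-approve a device model that meets your standards.
New-ActiveSyncDeviceAccessRule -Characteristic DeviceModel `
    -QueryString 'ExampleModel' -AccessLevel Allow

# 5. Review what is waiting in quarantine. Every value in this report
#    is self-reported by the device, so treat it as a claim, not proof.
Get-ActiveSyncDevice -ResultSize Unlimited |
    Where-Object { $_.DeviceAccessState -eq 'Quarantined' } |
    Select-Object UserDisplayName, DeviceId, DeviceModel, DeviceOS,
        DeviceUserAgent, FirstSyncTime

# 6. Release one reviewed device for one user
#    (the @{Add=...} syntax needs Exchange 2010 SP1 or later).
Set-CASMailbox -Identity 'jsmith' `
    -ActiveSyncAllowedDeviceIDs @{Add='EXAMPLEDEVICEID'}
```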

Companies such as Research In Motion (RIM) and Apple provide
tools that enterprises can use to manage their products. These companies
typically allow the enterprise to create policies that can be
distributed to devices by email or some other means and to restrict
users’ ability to adjust or remove those policies. These tools are free,
or can be used for free by small-to-midsized businesses (SMBs).
The problem is that if you choose to support multiple device manufacturers
and different versions of devices and software, managing
each in silos quickly becomes infeasible, especially in a large enterprise
environment or one in which end users have multiple devices
that they exchange or upgrade frequently. In such environments,
you need to invest in a mobile device management solution. The
major solution providers support multiple devices from all major
manufacturers. A note of caution, however: These solutions can
be complex and overwhelming, although they typically come with
enterprise-class features such as VPN solutions and sophisticated
monitoring and reporting tools.

Bringing It All Together 

BYOD is fast becoming an employee expectation. However, it brings
high risk to the enterprise if it isn’t managed carefully. To minimize
the risk, organizations need to create policy surrounding the use of
personal devices to access enterprise systems and data. Make employees
aware of this policy and provide appropriate training that covers
what is and isn’t acceptable. Organizations need to determine which
data and systems personal devices can access, and how. The classification
of these systems can be used to identify device capabilities
and characteristics, which will determine which devices employees
are permitted to use. Lastly, the organization needs to use a toolset
to create and enforce technical policies on employee devices and to
remotely manage and wipe lost or stolen devices or those that belong
to employees separated from the organization. ■

Microsoft System Center 2012 represents the unification of
the System Center family of products. These products were
previously part of a suite but all ran on their own release
schedules and didn’t really provide rich interaction. In System Center
2012, we get a single product that consists of several components
that have rich integration, primarily through System Center Service
Manager 2012 and Orchestrator 2012, which provide a complete data
center and desktop management solution.

All the components in System Center 2012 have had major enhancements,
but System Center Virtual Machine Manager (VMM)
2012 has grown the most. VMM now offers numerous new capabilities
and improvements. Is your organization thinking about implementing
a private cloud, enabling Infrastructure as a Service (IaaS)
with end-user self-service and managing heterogeneous, geographically
distributed data centers through hypervisors? Then using
VMM 2012 for storage, networking, and streamlining your virtualization
management is going to be a delight. At the same time, all
the features you expect (based on previous VMM versions), such as
physical to virtual (P2V), virtual to virtual (V2V), large farm management,
templates, and so on, are still available—and enhanced.
In this article, I’ll focus on some of the major new functionality in
VMM 2012.

Managing the Computer, Storage, and Network Fabrics

To provide a virtualization service, three building blocks must be 
present. The following factors make up the underlying fabric of the 
virtual infrastructure: 

• compute—physical servers and the hypervisors that enable the 
creation of virtual machines (VMs) 

• storage—SANs and other disk resources 

• network—physical topology, virtual LANs (VLANs), IP addressing, 
and hardware load balancers 

The fabric of your organization might be divided up among multiple 
data centers and technologies. Many organizations have a mix of hypervisors,
such as Windows Server Hyper-V, VMware ESX, and Citrix
XenServer; different SAN vendors; and a variety of network hardware 
and configurations. 

Previous versions of VMM did a great job managing Hyper-V environments
but lacked the ability to manage other hypervisors and
gave no real visibility into or management of networking or storage. I 
can hear some of you correcting me: “VMM 2008 can manage ESX!” 
My response is that technically VMM can manage ESX VMs, but that 
doesn’t mean anyone really used it that way. VMM 2008 takes ESX 
templates from VMware vCenter, deleting them from vCenter in the 
process. Then, when you want to deploy a template to ESX, copying 
the template from VMM to ESX took such a long time as to make the 
template fairly unusable. And there were many other limitations. 

VMM 2012 works with vCenter. Now, VMM imports template metadata
from vCenter, allowing visibility of the template configuration and
use of the template through VMM 2012, but it also uses vCenter to deploy
the templates, providing a fast and efficient experience. VMM 2012
adds direct management support for XenServer VMs through a System
Center Integration Pack that is installed on the XenServer. The use of the
System Center integration pack on XenServer removes the need for VMM
to manage via XenCenter, which is the XenServer equivalent of VMM.

Virtualization hosts running any supported hypervisor can be distributed
in the VMM hierarchy. This capability gives you a means
to separate management and use according to organizational needs
(e.g., location, business unit) instead of being bound by the type of
hypervisor that the server is running. At release to manufacturing
(RTM), VMM 2012 will support Hyper-V in Windows Server 2008
R2 or earlier, ESX 4.1 or earlier, and XenServer 6. At the time of this
writing, the technology preview of VMM 2012 Service Pack 1 (SP1)
supports Server 2012 Hyper-V and enables management of some of
the new Server 2012 Hyper-V capabilities, such as network virtualization
and Server Message Block (SMB) 2.2 file shares. Support for
ESX 5.0 is on the roadmap for a future update.

Storage and networking fabric integration is a huge addition in 
VMM 2012, giving real visibility and manageability. This change was 
required for three reasons: 

• Virtualization administrators often want visibility of underlying
storage to understand the best configuration and available
resources.

• Organizations have multiple data centers in different locations,
so an abstraction of the physical fabric is required to ease
management and to deploy services quickly in a distributed
environment.

• Self-service and a shift to applications and multi-tiered services
require the management infrastructure to provision underlying
fabric resources. This process includes provisioning of not just the
required VMs but also of storage on the correct SAN, based on the
requesting users’ storage preference and VM location. The process
also includes connecting VMs to the correct switches to ensure
network connectivity. After the VM is connected to the network
switch, the VM guest OS must be configured with the correct IP
address and VLAN configuration. In addition, provisioning of
fabric resources might include configuration of hardware load-balancing
equipment, on behalf of the user.

VMM adds both network and storage-fabric visibility as well as different
levels of manageability. On the storage side, VMM can be connected
to SANs that support the new Storage Management Initiative
Specification (SMI-S) industry standard, by importing the SMI-S provider
for the SAN into VMM, adding SANs to VMM, and then classifying
the various LUNs and aggregates into whichever tier definitions
work for your organization. Gold, silver, and bronze storage tiers are
typically used to represent performance and redundancy, giving you
an easy way to select the type of storage that you need for different
applications. Figure 1 shows a basic view of a single SAN with only
a few LUNs. This same view is available for complex environments
with many SANs and hundreds of LUNs. When storage is used as part
of a new VM creation, VMM can automatically select the appropriate
LUN, based on the requested storage tier, the requested location, and
the required amount of space. For Hyper-V servers, VMM connects to
the host, performs the iSCSI initiator configuration so that the host is
connected to the SAN and LUN, creates the necessary volumes, and
performs any zoning on the SAN to ensure that the right nodes have
access. A similar process is available for Fibre Channel-connected
SANs, but automatic zoning is not performed (although it is on the
roadmap for a future VMM release). The administrator can easily
view the state of all connected storage and can perform some basic
storage management.

On the network side, imagine that you have five data centers. Each
data center has a number of networks, such as backup, production,
test, and demilitarized zone (DMZ). For each network in each location,
there are different IP and VLAN configurations. VMM allows
you to define logical networks, such as production and backup, and
then define various sites (e.g., London data center, Dallas data center)
for each logical network, with each site having its own IP and
VLAN configuration.

As part of the site configuration, you can also configure a pool of IP 
addresses that are owned by VMM. When a new VM is created and 
connected to a defined logical network within a site, VMM automatically
configures the new VM with the right VLAN and a static IP. VMM
checks this IP out from its pool during VM provisioning, by updating 
the Sysprep file of the VM. Although DHCP could handle this process, 
most organizations prefer to use static IP configurations for servers; 
by using VMM IP provisioning, administrators get the best of both 
worlds. In addition to providing VLAN and IP configuration based on 
network and location, VMM can connect to hardware load balancers 
such as F5 Networks BIG-IP and automatically perform configuration 
when a load balancer is needed as part of a multi-VM service deployment.
See the video on page 51 to see this in action.

VMM 2012 introduces many more capabilities to manage the
Hyper-V virtualization hosts, with the aim of providing one tool
to create, maintain, and manage your Hyper-V environment. VMM
2012 integrates with both Windows Deployment Services (WDS) and
Windows Software Update Services (WSUS) so that you can deploy
Server 2008 R2 with Hyper-V to bare-metal boxes, perform configuration,
and keep the servers patched.

The patching integration with VMM 2012 adds a new capability. 
With one mouse click, you can patch an entire Hyper-V cluster. VMM 
2012 can evacuate all VMs from one host by using live migration 
(meaning no downtime to the VM), patch the host, reboot, verify the 
host’s health, bring the VMs back, and then move to the next host, 
where it repeats the process. An entire cluster of Hyper-V hosts can 
be patched with no downtime and basically no administrative effort. 
This patching is for the Hyper-V hosts only; the patching capability is 
not for the VM guest OSs. System Center Configuration Manager, also 
part of the System Center 2012 product, does a great job of patching 
guest VM OSs. Another interesting capability in VMM 2012 is the ability
to run custom commands and scripts on Hyper-V hosts through the
VMM console, providing an easy remote-administration capability. 

Performance Resource and Optimization (PRO) is a VMM 2008 R2
feature that allowed automatic balancing of VMs in a Hyper-V cluster
via integration with Operations Manager. This balancing is based
on resource utilization, similar to VMware Distributed Resource
Scheduler (DRS). VMM 2012 still has the PRO feature, which enables
third-party extension capabilities to the distribution logic. Through
PRO integration, VMM can monitor and correct anything that can be
defined in an Operations Manager Management Pack. Imagine the
scenario in which storage might be failing. Operations Manager can
detect this problem and then use VMM to evacuate VMs off the failing
storage, all via PRO integration.

Windows IT Pro / July 2012 51

There are also two new capabilities in VMM 2012—Dynamic
Optimization and Power Optimization—neither of which requires
Operations Manager. Both optimization technologies are reactive and
work on defined thresholds to trigger the movement of VMs. Dynamic
Optimization allows thresholds to be configured for CPU, memory,
disk, network, and the aggressiveness of the optimization, as Figure 2
shows. As hosts cross the thresholds, VMs are moved to return the
hosts to the target utilization, balancing VMs between all hosts in a
cluster. Power Optimization does the opposite: It tries to consolidate
VMs onto fewer hosts, provided that the consolidation won’t push
the utilization of the remaining hosts over a specified threshold. This
allows the remaining hosts to be powered down, saving power, and
woken up over the network when needed. You can configure specific
hours so that Power Optimization occurs only outside of peak hours
(e.g., only at night).

More to Come 

You probably noticed that I didn’t talk about the VMM self-service 
interface. VMM 2012 has a self-service portal, but it hasn’t really 
changed from the in-box portal in VMM 2008 R2—which means that 
it isn’t something you should use for real end-user self-service. The 
true self-service portal power is delivered through System Center 
Service Manager and System Center AppController, which are part of 
System Center 2012. 

Nor did I talk about enabling a private cloud with VMM 2012. VMM 
provides the majority of the functionality that’s required to enable a 
private cloud in an organization, relying on many of the technologies 
that I’ve covered, such as full fabric management including logical 
networks and storage management, heterogeneous hypervisor support,
and provisioning and maintenance of Hyper-V clusters. VMM
introduces the concept of clouds of resources, which form the foundation
of a private cloud. In a future article, I’ll discuss how to expose
the private cloud in your organization—after I share two key aspects of 
VMM 2012: Server Application Virtualization and Services Modeling, 
which I’ll tell you about in the next article in this VMM 2012 series. 

VMM 2012 provides a powerful virtualization management platform
with a vast amount of new technology to explore and master. When
VMM is fully exploited in your organization, it won’t only make management
of your data center virtualization easier, it will also enable new
capabilities such as user self-service and that big fluffy private cloud. ■

Multi-mailbox discovery searches receive a lot of headline
attention when discussion turns to the features of
Microsoft Exchange 2010 (or Exchange Online, as deployed
in Microsoft Office 365). And why shouldn’t this be the case?
Microsoft invested heavily during the development of Exchange
2010 to create an array of features that could satisfy the compliance
requirements of large organizations. Although small organizations
also need to comply with legislative or other regulatory directives,
large organizations tend to devote the most attention to this aspect
of email—if only because they are often targets for discovery actions
launched by external parties.

In any case, although the legal community will luxuriate in its
ability to expedite discovery searches and review the results, messaging
administrators often have more mundane concerns. For example,
how do you remove objectionable items from user mailboxes
without teaching every user how to use Outlook or another client to
purge items, especially when accessing an item might download a
malicious payload? The good news is that Exchange 2010’s built-in
compliance features can also be used to locate and eradicate problematic
items.

Email as a Virus Vector

In the early days of email viruses—around the time that users still
happily opened any message that proclaimed love for the proud recipient
(the first I Love You virus appeared in May 2000)—many antivirus
engines that protected email servers were slow and ponderous.
These engines depended on the ability to log on to every mailbox on
a server to check incoming messages. As the number of mailboxes
grew and the volume of messages increased, this technique struggled
to cope. Viruses could often sneak past the checks on incoming email
to penetrate mailboxes. In these cases, administrators might be forced
to log on to user mailboxes to check for and remove problem messages
before they could spread infection.

It was only after Sybari (bought by Microsoft in 2005) introduced 
the “ESE shimmy,” enabling its antivirus engine to load its code before 
the Information Store, that we had reliable and robust antivirus products
for Exchange that could catch viruses quickly. Today’s antivirus
products all use a supported Microsoft API for fast and reliable access 
to mailbox contents. 

Evolving Needs for Search and Destroy 

With servers protected by reliable antivirus barriers, administrators
aren’t likely to be forced to rush to disinfect mailboxes by searching
and removing infected messages. However, we live in a litigious environment,
so the need for search-and-destroy activities has evolved. It’s
common to receive requests from an authority (e.g., the HR department,
senior management, legal advisors), asking administrators to
remove specific messages from user mailboxes. Perhaps someone
sent out information that they should not have, or a company is compelled
by a legal order to remove all references to an event, project,
or product. In such circumstances, an Exchange administrator starts
to consider using the Search-Mailbox cmdlet.

Exchange 2010 includes a GUI to create and execute multi-mailbox
discovery searches from the Exchange Control Panel (ECP). These
searches use the New-MailboxSearch cmdlet to search a set of specified
mailboxes and copy the results to a discovery mailbox. The big difference
between the two cmdlets is that Search-Mailbox can search
and remove content (i.e., seek and destroy) from a specified mailbox,
whereas New-MailboxSearch is optimized to scan as many as 25,000
mailboxes and then copy the discovered content. The limit of 25,000
is set to restrict the amount of memory that multi-mailbox searches
use. If necessary, you can update the system registry to increase this
number by following the steps described in the article “Exchange 2010
Discovery: Modify the maximum number of mailboxes searched at a
time.” Another feature of New-MailboxSearch (from Exchange 2010
Service Pack 1—SP1—onwards) is the ability to deduplicate search
results so that separate copies of the same item aren’t taken from
multiple mailboxes.

You can use Search-Mailbox to process multiple mailboxes. However,
you must first form a collection of the desired mailboxes by using a
cmdlet such as Get-Mailbox, and then pipe the resulting data for processing
by Search-Mailbox. The downside of using Search-Mailbox is
that Exchange provides no UI in either Exchange Management Console
(EMC) or ECP to construct and execute searches, as it does for multi-mailbox
discovery searches. Instead, you must invoke these searches
through Exchange Management Shell (EMS). The commands that I
describe in this article are valid for both on-premises Exchange and
Exchange Online.

Finding Data 

The first order of business is to define what you want to find. In 
general, the more specific the search criteria, the better, faster, and 
more accurate the search will be. Casting a net to find every item with 
a subject containing “Test” on a large mailbox server will keep the 
computer occupied, but the results are unlikely to satisfy anyone. 

Both the Search-Mailbox and New-MailboxSearch cmdlets support
the AQS syntax, a powerful method to build searches for the mix of
structures found in mailbox data, which comprise text that can contain
just about anything as well as well-known properties such as author,
subject, and date. The trick in successful Exchange searches, both in
simple mailbox searches and multi-mailbox discovery searches, is to
spend time making the search query as specific as possible before you
launch it on a server.

In this case, let’s assume that many tasteless messages have recently
appeared in mailboxes. You want to perform a public service
for users by removing these messages. You know the date range when 
the messages appeared, as well as some of the not-so-nice terms that 
the message body contains. Equipped with this knowledge, you can 
build a query and test its effectiveness. 

To begin, you’ll search just one mailbox. Ideally, choose one that 
you know holds some of the target messages, and run the following 
command: 

Search-Mailbox -Identity 'Billing' -SearchQuery "Received: > $('01/01/2012 00:00:00') AND Received: < $('01/31/2012 23:59:59') AND hookup" -LogLevel Full -LogOnly -TargetMailbox 'AdminMailbox' -TargetFolder 'Search Results'

This command 

• searches the Billing mailbox, as indicated in the -Identity parameter 

• uses the AQS query that says, “find anything between January 1 and 
January 31 AND includes the word hookup in the message body” 

• creates a full log of operations but doesn’t do anything except log 
what you do 

• puts the results in the Search Results folder of the AdminMailbox 
mailbox 

Note the use of times in the AQS query. You don’t need to pass time 
details—a date is usually enough to find data—but best practice is to 
be as exact as you can whenever you look for information. 

The output of this search is a message that’s created in the destination
folder. As you can see in Figure 1, the search results indicate that
three items have been found. Also note that Exchange has attached
a ZIP file to the message. This file contains a comma-separated value
(CSV) file with the details of the found items. You can use this information
to confirm that the correct items have been located.


Figure 1: Search results indicating targeted items found

Deleting Content 

After you’re satisfied that you have a solid set of search criteria
ready to go, you can modify the previous command to add processing
power. Remember that Search-Mailbox operates on just one
mailbox at a time. Sometimes this is sufficient, but not when you’re 
trying to eliminate problematic messages from every mailbox on a 
server. 

One method is to read a list of mailboxes from a data file and
feed the mailbox names, one by one, to Search-Mailbox. This is a
good approach when you need to process a set of mailboxes that are
spread across multiple mailbox servers or perhaps the output of an
external data feed, such as from an HR system. However, the usual
approach is to use the Get-Mailbox cmdlet to build whichever set of
mailbox objects need to be processed, and then to pipe those objects
to Search-Mailbox. In the following example, I tell EMS to process
every mailbox in the organization. This works for a test or a small
organization, but it’s probably better to break things up if you have
more than 1,000 mailboxes to deal with. That way, the processing
load is spread over time or over servers. For example, you could use
Get-Mailbox to build a list of every mailbox in a database, every mailbox
on a server, and so on.

The other major addition to the command is the inclusion of the
DeleteContent parameter. This parameter instructs Exchange to permanently
delete the located items from the source mailboxes. If you
provide values for the TargetMailbox and TargetFolder parameters,
Exchange will copy the items before it deletes them from the source
mailboxes. Copying items before deleting them can be an invaluable
safeguard if a mistake creeps in and data is removed incorrectly.
Should this happen, you can recover the situation by copying the
items to a PST and then using the New-MailboxImportRequest cmdlet
to import the items back into their rightful place in the user mailbox.
This two-step approach is necessary presuming that you can’t open
the user’s mailbox to drag and drop the items from one location to
another.

If you copy items, be sure that the target mailbox has sufficient 
quota to hold the copied items, which could amount to quite a lot 
should you process many mailboxes. You cannot specify a folder in 
the mailbox that you search to use as the target. 

Get-Mailbox | Search-Mailbox -SearchQuery "Received: > $('01/01/2012 00:00:00') AND Received: < $('01/31/2012 23:59:59') AND hookup" -LogLevel Full -LogOnly -TargetMailbox 'AdminMailbox' -TargetFolder 'Search Results' -DeleteContent

Because the DeleteContent parameter is included, EMS prompts for
confirmation before executing the command.

After being launched, Search-Mailbox opens each mailbox in its 
input list, searches for the targeted items, and removes any items 
that match the search criteria. In this instance, we’ve provided a target
mailbox and folder, so Exchange first copies the located items.
Exchange creates the target folder if it doesn’t exist in the nominated 
mailbox. 

Just like multi-mailbox discovery searches, the mailboxes that you 
search are assigned a subfolder under the target folder; the search 
date and time are used as part of the folder name, to identify the 
particular search. Under this folder, you’ll find an additional subfolder
for each folder in which an item was found, as Figure 2 shows.
Copies of the found items are stored in the relevant subfolders. Unlike 
multi-mailbox discovery searches, empty folders are not created if no 
items are found. 


Figure 2: Results from running Search-Mailbox

By default, Exchange searches an archive mailbox if one exists,
and creates a separate set of folders for any items found in the
archive. You can exclude archives from searches by passing the
DoNotIncludeArchive parameter. The contents of the Recoverable
Items folder are also searched unless you set the SearchDumpster
parameter to $False.
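
One way to stage the procedure above one mailbox database at a time: estimate first, then copy and delete only in mailboxes where items were found. This is an added example, not the author's script; the function name and its parameters are assumptions, and it relies on the Identity, ResultItemsCount, and ResultItemsSize properties of the Search-Mailbox output.

```powershell
# Added example for the Exchange Management Shell (PowerShell 2.0 compatible).
# Invoke-StagedMailboxPurge is a hypothetical helper, not an Exchange cmdlet.
function Invoke-StagedMailboxPurge {
    param(
        [Parameter(Mandatory = $true)] [string] $SearchQuery,
        [Parameter(Mandatory = $true)] [string] $TargetMailbox,
        [string] $TargetFolder = 'Search Results',
        [switch] $Delete    # omit to run the estimate pass only
    )

    # The target cannot be one of the searched mailboxes, so resolve it
    # once and leave it out of every batch.
    $target = Get-Mailbox -Identity $TargetMailbox

    # One database per batch spreads the processing load.
    foreach ($db in Get-MailboxDatabase) {
        $mailboxes = @(Get-Mailbox -Database $db.Name -ResultSize Unlimited |
            Where-Object { $_.Guid -ne $target.Guid })
        if ($mailboxes.Count -eq 0) { continue }

        # Pass 1: count matching items. Nothing is copied or deleted.
        $hits = @($mailboxes |
            Search-Mailbox -SearchQuery $SearchQuery -EstimateResultOnly |
            Where-Object { $_.ResultItemsCount -gt 0 })

        # Report the hits so they can be reviewed before anything is removed.
        $hits | Select-Object @{n='Database'; e={ $db.Name }},
            Identity, ResultItemsCount, ResultItemsSize

        if (-not $Delete) { continue }

        # Pass 2: touch only mailboxes with hits. Items are copied to the
        # target mailbox first; EMS still prompts before each deletion.
        foreach ($hit in $hits) {
            Search-Mailbox -Identity ([string]$hit.Identity) `
                -SearchQuery $SearchQuery `
                -TargetMailbox $TargetMailbox -TargetFolder $TargetFolder `
                -LogLevel Full -DeleteContent
        }
    }
}

# Estimate only, using the query from the article:
Invoke-StagedMailboxPurge -TargetMailbox 'AdminMailbox' -SearchQuery "Received: > $('01/01/2012 00:00:00') AND Received: < $('01/31/2012 23:59:59') AND hookup"
```

Add -Delete to the call only after the estimate report matches what you expect, and check that the target mailbox has enough quota for the copies.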

Some RBAC Constraints 

The DeleteContent parameter is available only to on-premises administrators
who are members of the Mailbox Import Export Role Based
Access Control (RBAC) role group. I think that Microsoft provides this
extra safeguard to ensure that only suitably authorized users who run
the Search-Mailbox cmdlet can delete content. By comparison, any
Office 365 tenant administrator who is a member of the Organization
Management role group can delete content immediately because
they automatically hold the Mailbox Import Export role. On-premises
Exchange and Exchange Online operate radically different RBAC environments,
and this is just one example of where the two differ.

You can use the following command to see the current set of assign¬ 
ments for the Mailbox Import Export role: 

Get-ManagementRoleAssignment -Role "Mailbox Import Export" | 
Format-List RoleAssigneeName, EffectivellserName 

If you need to add a user to the Mailbox Import Export role group, 
you can do so by using the Add-RoleGroupMember cmdlet. For ex¬ 
ample, this command adds a user called Joe Smith to the group: 

Add-RoleGroupMember -Identity "Mailbox Import Export" 

-Member "Joe Smith" 
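Because this role decides who can run Search-Mailbox with DeleteContent, it is worth reviewing who holds it through group membership as well as direct assignment. The following audit is an added example, not code from the original article; the $Approved allow-list and its value are hypothetical, and it assumes the Exchange Management Shell.

```powershell
# Added example, not from the article. Run in the Exchange Management Shell
# with rights to read management role assignments.

# Hypothetical allow-list of accounts approved to hold the role (constructed value).
$Approved = @('Joe Smith')

# -GetEffectiveUsers expands role groups and security groups into the individual
# accounts that receive the role. -Delegating $false keeps regular assignments
# (the right to use the role) and drops delegating ones (the right to assign it).
$effective = Get-ManagementRoleAssignment -Role 'Mailbox Import Export' `
                 -GetEffectiveUsers -Delegating $false |
    Where-Object { $_.EffectiveUserName -and $_.EffectiveUserName -ne 'All Group Members' }

# One row per account, listing every assignment path that grants it the role.
$report = $effective | Group-Object EffectiveUserName | ForEach-Object {
    $g = $_
    $paths = $g.Group | ForEach-Object {
        '{0} ({1}, {2})' -f $_.RoleAssigneeName, $_.RoleAssigneeType, $_.AssignmentMethod
    } | Sort-Object -Unique
    New-Object PSObject -Property @{
        User       = $g.Name
        Approved   = ($Approved -contains $g.Name)
        Enabled    = (@($g.Group | Where-Object { $_.Enabled }).Count -gt 0)
        GrantedVia = ($paths -join '; ')
    }
}

$report | Sort-Object Approved, User |
    Format-Table User, Approved, Enabled, GrantedVia -AutoSize -Wrap

# Accounts that hold the role without approval: review each one, then remove the
# group membership or the direct assignment shown in GrantedVia.
$unexpected = @($report | Where-Object { -not $_.Approved })
if ($unexpected.Count -gt 0) {
    Write-Warning ('{0} unapproved account(s) hold Mailbox Import Export' -f $unexpected.Count)
}
```

Without -GetEffectiveUsers, a group assignment is reported as a single row for the group, so individual members who gained the role through that group are not listed by name.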

Easy to Delete 

Both Exchange 2010 and Exchange Online include powerful search-and-destroy
facilities. I hope that you never need to clean out
funky items in user mailboxes, but it’s good to know that doing so
is easy! ■

I’m not sure whether my job is becoming increasingly complicated
or I’m just getting older and can’t remember anything. Either way,
keeping on top of every task seems nearly impossible these days.
Fortunately, I’ve discovered that using Microsoft OneNote to integrate
some common tools has helped me keep it all together. Here’s a quick
look at how I keep myself organized. And check out the sidebar, “Sean
Deuby’s Take on OneNote,” for some more ways to apply OneNote.

A Place for Everything 

To keep meeting agendas and tasks that I need to accomplish in front 
of me and their statuses up to date, I use a combination of OneNote on 
the PC, OneNote Mobile on my Apple iPhone or iPad, and Microsoft 
Outlook tasks. I start with an outline for each meeting; I store this 
outline in OneNote. For example, when I have my weekly one-to-one 
meetings with my director, I use an outline similar to this one:
• Meeting Agenda 
• Attendees 
• Announcements 
• Status of Old Action Items 
• Summary of New Action Items 


I’ve also found it useful to insert meeting details directly into 
OneNote, especially if the meeting organizer has sent a meeting 
agenda in the Outlook invite. To do so, click the Home tab in OneNote, 
choose the Meeting Details button, then choose the meeting.

As my boss and I work through the meeting, I run through my
agenda items, cover any announcements, and give him updates on 
old action items. As we discuss items throughout the meeting, I add 
new action items to the bottom of the list (using my Apple iPad or 
iPhone, which I’ll get to in a bit). 

After the meeting is over, I go back to my desk, highlight each new 
action item, and choose a due date, as Figure 1 shows. Doing so not
only adds a flag to the action item in OneNote, it automatically adds an
Outlook task, as Figure 2 shows. These tasks neatly combine all the action
items in OneNote into one comprehensive list. The flags in OneNote and
the tasks in Outlook are tied together. When I click a flag in OneNote to
check off a task as completed, the Outlook task is updated and marked
complete in the background. At the end of the meeting, I have a clear
picture of what we discussed, which items were completed, and any
new action items that I need to keep on top of, as Figure 3 shows.

Figure 1: Choosing a due date for action items

Figure 2: OneNote action items as Outlook tasks

Figure 3

Organized on the Go

OneNote Mobile does exactly what the name implies: It allows me 
to take OneNote with me on the go. By using Outlook 2010 on 
the computer and storing the files in Microsoft SkyDrive, I can
access all my meeting notes via a free app that’s available for the
iPhone, iPod, iPad, Android, and of course Windows Mobile 6.1,
or Windows Phone 7. Figure 4 shows what my meeting notes look
like on my iPhone.

No matter where I am, I always have the notes I need at my fingertips—not
on that notepad that I accidentally left on my desk. And even when I’m away
from my desk, I can quickly add a note to the agenda whenever I think,
“Oh yeah . . . I need to remember to ask about this.” The PC and mobile
versions of OneNote always stay in sync, helping me to keep
everything straight.

To set up OneNote for the iPhone, search for OneNote Mobile in the Apple
App Store. After installing the application, open OneNote Mobile. You will be
prompted to enter a Windows Live ID account. If you don’t already
have a Windows Live ID, you can create one. OneNote Mobile stores all
your data on the SkyDrive that you associate with that Windows Live
ID account, so be sure to keep your username and password secure.

Figure 4: Reviewing items in OneNote Mobile


Sean Deuby's Take on OneNote 

I use Microsoft OneNote in every facet of my life that requires remembering or keeping 
information. At work, I keep track of meeting minutes, compose new content (I’m writing 
this sidebar in OneNote), record presentation audio in sync with my notes, and document 
new technology as I learn it. At home, I use OneNote to document everything from my 
wife’s ring size to the details of my most recent encounters with cranky customer service 
reps. And, like Eric, I love OneNote’s SkyDrive synchronization across all my computers. 

I use OneNote Mobile for phone and tablet, but performance varies. OneNote Mobile on 
my Windows Phone works wonderfully (as it should), though I must be patient while it 
syncs on launch. The Apple iPad app has a good functional framework but a basic
implementation. Some fundamental features, such as indenting, are missing, and I’ve had several
pages that never synchronized correctly with the rest of my notebooks. My expectations of
rapid updates for the app—as we’ve become used to for mobile apps—aren’t high.

Despite its shortcomings in some mobile versions, I count on OneNote to be the
steel-trap memory I wish I had myself! ■

The iPad OneNote application takes advantage of the larger screen
size, so be sure to install the iPad version, rather than the iPhone
version, on your iPad.

You can then access your notes from any computer by signing in to 
your Windows Live account and clicking SkyDrive. There, you’ll find 
your OneNote documents in the My Documents folder. However, to 
make the process truly seamless, connect OneNote 2010 on your PC 
to SkyDrive: 

1. Click File, Share. 

2. Choose the notebook that you want to share. 

3. Choose where you want to share the notebook. 

4. Choose where in your SkyDrive you want to share the notebook. 

Figure 5 shows an example of how I shared a notebook called Article 
on the Web, in the My Documents folder in my SkyDrive.

SkyDrive Storage

After you have your SkyDrive set up, you’ll no doubt find other uses
for it. I keep a copy of important files that I might need to reference
on my mobile phone. For example, if a customer is unhappy with my
company’s response time, I can quickly pull up a copy of our service
level agreement on my phone. One caveat: In my experience, using
the SkyDrive on a mobile device is best for consuming content, not
creating it. Keep this in mind as you decide which files to access via
this free Microsoft online file-storage service.

Make Life Easier

This article illustrates just one example of how a mobile version of a common
application, an Internet storage location, and an application that
you already use every day can make your life easier. Try it for yourself. ■

Outlook 2010: Move Sent Messages

Use VBA code to organize MailItems after sending

Microsoft Outlook’s default behavior is to retain a copy of
sent items in the Sent Items folder. But in a business environment,
in which hundreds of email messages might
be dispatched each day, such a generic setup might not be satisfactory.
Many people want to organize email messages by topic or line
of business (LOB), which isn’t the same as sorting by conversation,
as each LOB can contain numerous conversation threads. Although
moving received messages to a specified folder is simple enough, doing
so with sent messages is another matter. The primary stumbling
block is that, although Outlook provides an option for moving a copy
of a MailItem after sending, it does not offer a rule or option setting
to move the sent item itself.

Many an Outlook user has attempted to come up with a way to
move messages after sending, usually relying on complicated timed
processes and bug-prone Windows API calls via a third-party DLL such
as Outlook Redemption. After some thought and a little experimentation,
I have come up with a couple of Visual Basic for Applications
(VBA) macro solutions that should suit your needs nicely.

Limitations of the Rule-Based Approach 

When confronted by behavior that doesn’t conform to my expectations
or preferences, I tend to be a little hasty in looking for programmatic
solutions. (It’s the developer in me!) But before jumping
into VBA code with both feet, I try to check out the Outlook Email
options and rules. Only after you’ve exhausted those avenues should
you go looking for more complex fixes. I followed my own advice in
this instance.

Let’s see what we can do with the Outlook Rules Wizard. If you
start with a blank rule, you can choose whether to apply the rule to incoming
or outgoing messages, as Figure 1 shows. After you select the
conditions to identify the messages that you’re looking for, you can
select a folder to which to copy those messages, as Figure 2 shows.

However, note that this rule creates and moves a message copy; the
original message is left in the Sent Items folder. The only way to avoid
this is to clear the Save copies of messages in Sent Items folder check
box (in the Message handling section of the E-mail Options dialog box),
which Figure 3 shows. The downside to this approach is that it prevents
Outlook from keeping copies of any sent messages, so you won’t
have access to sent messages that aren’t picked up by your rule.

Figure 1: Using the Rules Wizard to apply a rule on sent items

Figure 2: The Rules Wizard Select Folder dialog box

VBA Fix: Using the MailItem's Send Event

Dissatisfied with the rules-and-options route, I rolled up my sleeves,
made a pot of coffee and got to work.

Like those who have trodden these murky waters before me, I began
with the MailItem_Send() event. The approach seems straightforward
enough: You send an email, and then move it. Only one problem: The
message isn’t moved into the Sent Items folder until the Send event
has completed. Hence, any attempt to find the message in the Sent
Items folder proves fruitless. Start on second coffee. Think harder.

Figure 3: The E-mail Options dialog box

Where to Put the Code? 

One key factor in event-driven programming is where to place the 
event-handling code. Make the wrong choice, and you could have 
a brittle and flaky application on your hands. There might be more 
than one candidate, but more often than not, one choice is better 
than the others. 

One event that crossed my mind is my destination folder’s ItemAdd()
event. This event fires whenever one or more items are added to its
Items collection. But upon further investigation, I realized that this
event is faced with the same timing problems as the MailItem_Send()
event. You’d also need to duplicate the same code for all your destination
folders. Duplication of code isn’t considered good style, so forget
about that idea.

It seemed that the MailItem_Send() event was still my best choice
for the code, since I could apply my rule to all outgoing messages. I
just needed to approach the problem from a different angle.

Filtering Messages by Criteria 

In a perfect world, we could call our VBA macro from a rule. That 
way, the rule would perform the mail filtering and the macro would 
take care of moving the message. Outlook 2002 added an option to 
run a script on incoming messages, but unfortunately, there’s no such 
option for outgoing messages. No reason to get upset, though; that’s 
an inefficient way to launch script code anyway. I’ve tried it a few 
times and found it to be highly unreliable. Every now and then, it 
causes an error and the rule is deactivated. We’ll do our filtering right 
in the oMsg_Send() event. 

Suppose I have several contacts at RobGravelleAndCo.com and 
want to move all messages addressed to those contacts to an Outlook 
folder called FOSS Export (CR-035), which Figure 4 shows. The 
Recipients object contains a collection of Recipient items, each of
which contains the properties and methods that relate to one recipient.
One Recipient property is the AddressEntry object, which houses
the recipient’s address details, including email address. The Recipient 
has a property called Address for the email address. We’ll examine 
that property in the oMsg_Send code at callout B in Listing 1. 


Figure 4: Outlook Folders

Instead of trying to delete a message manually after sending it, we can set
the MailItem’s DeleteAfterSubmit flag to true so that Outlook does it for us.
Just keep in mind that turning on the DeleteAfterSubmit flag via the MailItem
Properties dialog box will delete all sent messages! That’s a bit of a
sledgehammer solution when all you want to do is move certain messages.

Listing 1: ThisOutlookSession Code for the oMsg_Send Solution

Option Explicit

Public WithEvents oInspectors As Outlook.Inspectors
Public WithEvents oMsg As Outlook.MailItem

Private Const BUSINESS_FOLDER = "FOSS Export (CR-035)"

Private Sub Application_Startup()
    Set oInspectors = Application.Inspectors
End Sub

Private Sub oInspectors_NewInspector(ByVal Inspector As Inspector)
    If Inspector.CurrentItem.Class = olMail Then
        ' Callout A: an empty EntryID means the item has not been saved or sent yet
        If Len(Inspector.CurrentItem.EntryID) = 0 Then
            Set oMsg = Inspector.CurrentItem
        End If
    End If
End Sub

Private Sub oMsg_Send(Cancel As Boolean)
    Dim oRecipient As Recipient, oBusinessFolder As MAPIFolder
    Dim oEmailCopy As MailItem

    For Each oRecipient In oMsg.Recipients
        ' Callout B: case-insensitive substring test on the recipient's address
        If InStr(1, oRecipient.Address, "RobGravelleAndCo.com", vbTextCompare) > 0 Then
            ' Let Outlook discard the original once it has been submitted
            oMsg.DeleteAfterSubmit = True
            Set oBusinessFolder = Application.Session _
                .GetDefaultFolder(olFolderInbox).Parent.Folders(BUSINESS_FOLDER)
            ' The message itself cannot be moved during Send, so move a copy
            Set oEmailCopy = oMsg.Copy
            oEmailCopy.Move oBusinessFolder
            Exit For
        End If
    Next
End Sub

On the subject of moving messages, you can’t move the message
from within the MailItem_Send() event because Outlook isn’t done
with it yet. (Attempting to do so results in a nasty runtime error.)
According to Microsoft, the preferred way to manage this delicate
operation is first to use the Copy() function to clone the message,
then to move the clone. Although this is not a true message move,
the result is the same: After the clone is moved, the original message
is deleted, thanks to the DeleteAfterSubmit flag.

Now we need a reference to our folder. Working with custom folders
is a bit more work than using Outlook’s default folders. You can’t just
use the folder name to call the GetFolder function (there isn’t one).
Instead, we need to navigate to the custom folder from one of the default
folders. In our case, the FOSS Export (CR-035) folder is parallel
to the Inbox, in the mailbox root. To obtain a reference to a default
Outlook folder, simply call the Application.Session GetDefaultFolder()
function with one of the olDefaultFolders Outlook Library enumeration
values. For example, the following code retrieves the Inbox:

Set olInbox = Application.Session.GetDefaultFolder(olFolderInbox)

We can get to our folder by using this code:

Set oBusinessFolder = Application.Session.GetDefaultFolder(olFolderInbox) _
    .Parent.Folders(BUSINESS_FOLDER)

BUSINESS_FOLDER is a constant for our folder name. The oBusinessFolder
can be passed directly to the MailItem.Move() sub, as it requires
a MAPIFolder object. Similarly, we can get a folder’s subfolder via its
Folders collection property:

Set ObjFolder = Application.Session.GetDefaultFolder(olFolderInbox) _
    .Folders("<subfolder name>")

The Visual Basic Editor 

All Microsoft Office applications come with a full-featured IDE
called the Visual Basic Editor. It provides an interface for accessing
application object models through code so that you can call object
methods, set object properties, and respond to object events. The
code that’s used to accomplish these goals is VBA, a specialized subset
of the Visual Basic language.

A Developer tab is available on the Office Ribbon, to access the
Visual Basic Editor and other developer tools. However, this tab is
disabled by default to help protect against viruses and other malicious
code. You need to perform the following steps before you can
use this tab:

1. In Outlook, select Outlook Options from the File tab to open the
Outlook Options dialog box.

2. In the Outlook Options dialog box, click Trust Center.

3. Click Trust Center Settings, and then choose the Macro Settings
option on the left.

4. Select the Macro security level that suits your comfort level,
keeping in mind that the setting pertains to other people’s macros
as well as your own. If you don’t want to give all macros
carte blanche, you can have Outlook display a prompt each time
a macro is about to run. That way, you can decide whether you
want to let the macro run. That option is called Notifications for
all macros.

5. Restart Outlook for the changes to take effect. 

The Visual Basic button, which Figure 5 shows, will be on the far left 
in the Developer tab. Figure 6 shows the Visual Basic Editor. 


Figure 5: Developer tab with Visual Basic button

Figure 6: Visual Basic Editor with Immediate window visible



The MailItem Send() Event

To make an object’s events available in the Declarations drop-down
list in the Visual Basic Editor (as Figure 7 shows), you need to use
the WithEvents keyword to declare the object. The two following
object declarations allow us to access the MailItem Send() event:

Public WithEvents oInspectors As Outlook.Inspectors
Public WithEvents oMsg As Outlook.MailItem

The Inspectors collection contains the Inspector objects for all
open inspectors (i.e., a window that displays information about an
Outlook item). The reference to the Inspectors collection is set in the
Application_StartUp() event:

Private Sub Application_Startup()
    Set oInspectors = Application.Inspectors
End Sub

Figure 7: Declarations drop-down list in Visual Basic Editor

Binding oMsg to the Current Inspector 

By setting the MailItem reference in the Inspectors_NewInspector
event, we specify that only new messages will be referenced. Opening
an existing email message will not cause the Inspectors_NewInspector
event to fire.

The Inspector, which is passed to the sub, has a CurrentItem property,
which refers to the item that the user is viewing. We can check
this item’s Class property to determine whether it is a MailItem. We
can use a constant named olMail for this purpose. Another necessary
check is for the unique ID string that the Messaging API (MAPI) store
provider assigns when an item is created in the store. Therefore, the
EntryID property is set for an Outlook item only after the item is saved
or sent. This check, which the code at callout A in Listing 1 shows,
distinguishes new email items from existing ones. Setting the MailItem
in this way causes its events, including the Send event, to fire.

The oMsg_Send Event in Action

I printed some output to the Immediate window (which the bottom 
pane in the Visual Basic Editor in Figure 6 shows) to test the process. 
Click View on the menu bar and then click Immediate Window if it 
isn’t visible. Figure 8 shows some typical results when the message 
is addressed only to the host for which we’re checking. This message 
contained a total of three recipients: one in the To field, one in the CC
field, and one in the BCC field. All three recipients were contained
within the MailItem’s recipients collection. RobGravelleAndCo.com
was the BCC address, as Figure 9 shows.

This final test run was a reply to that message, with the
RobGravelleAndCo.com recipient removed. As expected, our rule did 
not move the sent item, as Figure 10 shows. 

An Alternative Solution: Using the Sent Items Folder
Items_ItemAdd Event

The oMsg_Send solution is a good choice if you’re already processing
new messages, and thus need to reference the new Item’s Inspector.
An alternative solution places the code in the Sent Items folder’s
Items_ItemAdd() event. (Listing 2 shows the ThisOutlookSession
code for this solution.)

Placing the main logic in the Items_ItemAdd() event gives us a
couple advantages. First, it results in less code. Second, it is highly
efficient. All sent items land in the Sent Items folder, unless you have
created rules that circumvent this behavior or have cleared the Save
copies of messages in Sent Items check box in the E-mail Options dialog
box. Note that both solutions presented here apply to one mailbox
account. Therefore, if you wanted to apply similar processing to
multiple mailboxes, you need to attach your processing code to each
SentItems folder event, as Listing 3 shows.

Figure 8: Sample oMsg_Send Output

Opening a new inspector.
Current item is an email message.
Email message is new. Storing the CurrentItem.
You have 3 recipient(s) in the recipient list.
Checking rob@RobGravelleAndCo.com...
Recipient is a member of RobGravelleAndCo.com. Moving to FOSS Export (CR-035).

Figure 9: Action on a filtered message for the oMsg_Send solution

Opening a new inspector.
Current item is an email message.
Email message is new. Storing the CurrentItem.
You have 3 recipient(s) in the recipient list.
Checking /o=Revenue Canada/ou=DA/cn=Recipients/cn=HQ/cn=Customs/cn=Customs_H02/cn=Users/cn=JXG768...
Checking robert.gravelle@cic.gc.ca...
Checking rob@RobGravelleAndCo.com...
Recipient is a member of RobGravelleAndCo.com. Moving to FOSS Export (CR-035).

Figure 10: Action on a non-filtered message for the oMsg_Send solution

Opening a new inspector.
Current item is an email message.
Email message is new. Storing the CurrentItem.
You have 2 recipient(s) in the recipient list.
Checking /o=Revenue Canada/ou=DA/cn=Recipients/cn=HQ/cn=Customs/cn=Customs_H02/cn=Users/cn=lXG768...
Checking robert.gravelle@cic.gc.ca...

Gaining Access to the Sent Items Folder's Items_ItemAdd()
Event

The ItemAdd() event is a member of the Items collection object, so we
need to use the WithEvents keyword at the top of the ThisOutlookSession
module to declare an object of type Items:

Public WithEvents olSentItems As Items


Listing 2: ThisOutlookSession Code for the Items_AddItem Solution

Option Explicit

Public WithEvents oSentItems As Items
' Callout A: module-level reference to the business folder
Private oBusinessFolder As MAPIFolder

Private Const BUSINESS_FOLDER = "FOSS Export (CR-035)"
Private Const PARTNER_EMAIL_ADDRESS = "RobGravelleAndCo.com"

Private Sub Application_Startup()
    Dim oSentItemsFolder As MAPIFolder

    Set oSentItemsFolder = Application.Session.GetDefaultFolder(olFolderSentMail)
    Set oSentItems = oSentItemsFolder.Items
    ' Callout B: the business folder is located relative to the Sent Items folder
    Set oBusinessFolder = oSentItemsFolder.Parent.Folders(BUSINESS_FOLDER)
End Sub

Private Sub oSentItems_ItemAdd(ByVal Item As Object)
    Dim oRecipient As Recipient, oMailItem As MailItem

    If Item.Class = olMail Then
        Set oMailItem = Item 'this will enable auto-complete for mail items.
        For Each oRecipient In oMailItem.Recipients
            ' Case-insensitive substring test on the recipient's address
            If InStr(1, oRecipient.Address, PARTNER_EMAIL_ADDRESS, vbTextCompare) > 0 Then
                oMailItem.Move oBusinessFolder
                Exit For
            End If
        Next
    End If
End Sub

' Callout C: public entry point so the macro can be run from the Macros dialog box
Public Sub runMoveSentItemsMacro()
    Dim oItems As Items, i As Long

    Set oItems = Application.Session.GetDefaultFolder(olFolderSentMail).Items
    ' Walk the folder backward: moving an item shrinks the collection,
    ' so a forward For Each loop would skip items
    For i = oItems.Count To 1 Step -1
        Call oSentItems_ItemAdd(oItems(i))
    Next
End Sub

Listing 3: Code to Apply Processing to Multiple Mailboxes

Public WithEvents oAFSSentItems As Items
Private oAFSBusinessFolder As MAPIFolder
Public WithEvents oSTSSentItems As Items
Private oSTSBusinessFolder As MAPIFolder

Private Sub oAFSSentItems_ItemAdd(ByVal Item As Object)
    ' Processing code for the first mailbox's Sent Items folder goes here
End Sub

Private Sub oSTSSentItems_ItemAdd(ByVal Item As Object)
    ' Processing code for the second mailbox's Sent Items folder goes here
End Sub


The business folder information is also included here. If you expect
a large volume of email related to a particular LOB, it’s probably a
good idea to create a global reference to its folder, as the code at callout
A in Listing 2 shows. As before, the object references are set in
the Application_StartUp() event. As the code at callout B in Listing 2
shows, this time I referred to the business folder in relation to the
Sent Items folder (i.e., at the same level as the Inbox).

The Modified Rule Code

We no longer need to set the DeleteAfterSubmit flag to create a copy of
the MailItem. However, we do need to check the item’s Class type, as
the Item parameter is a generic Object. Objects other than email messages,
such as Meeting Items, can be placed in the Sent Items folder. I
also took the extra step of storing the item in a proper MailItem object
so that the IDE’s auto-complete feature will kick in. If you know exactly
which properties you need to access, you can dispense with this step.

The oSentItems_ItemAdd Event in Action

Again, I printed output to the Immediate window to test the Items_AddItem
solution; everything worked. The example, in Figure 11,
shows a message addressed only to the host for which we’re checking.
The message that Figure 12 shows was addressed to someone
who isn’t a member of the RobGravelleAndCo.com domain. As expected,
only MailItems produced output.

Adding other Item types to the mix is easy; just change your If statement
into a Select Case and include your target types as a comma-delimited
list, as the code in Listing 4 shows.

Figure 11: Action on a filtered message for the Items_AddItem solution

A MailItem has been moved to the Sent Items folder.
You have 1 recipient(s) in the recipient list.
Checking rob@RobGravelleAndCo.com...
Recipient is a member of RobGravelleAndCo.com. Moving to FOSS Export (CR-035).

Figure 12: Action on a non-filtered message for the Items_AddItem solution

A MailItem has been moved to the Sent Items folder.
You have 1 recipient(s) in the recipient list.
Checking /O=REVENUE CANADA/OU=DA/cn=Recipients/cn=HQ/cn=Customs/cn=Customs_H02/cn=Users/cn=lXG768...


Running the Move Sent MailItems Macro on Demand

After installing the Move Sent MailItems macro, you might want to
run it on messages that were sent previously. To do so, use the Macros
dialog box, which is available via the Macros button on the Ribbon.
The only catch is that the macro provides access to public macros only,
and our macros are not public. Even if we could see the SentItems folder
ItemAdd event, it processes only the last sent message. Therefore,
we need to add a public subroutine to loop through every item in the
SentItems folder, as the code at callout C in Listing 2 shows. Now we
can open the Macros dialog box, select our new public sub (if it isn’t
already selected), and click the Run button to execute it.


Learning Path

Windows IT Pro Resources
Microsoft Outlook Programming: Jumpstart for Administrators, Developers, and Power Users, Sue Mosher

Inspectors.NewInspector Event
MailItem.Send Event

Safe and Simple 

This article showed you how to use VBA code to extend the built-in
rules and option settings in Outlook 2010. Specifically, you saw a
couple ways to move a MailItem to a user folder after sending. Unlike
many solutions that rely on complicated timed processes, bug-prone
Windows API calls, or third-party DLLs, this one is much safer and
simpler. As a client-side solution, it is independent of your mail server
vendor and doesn’t rely on your using Exchange Server. Moreover,
it will work for any number of users, whether 50 or 5,000.

The only remaining question is how to best distribute the VBA code
to users. There are a few ways to go about it, some of which require
user cooperation and others that can be done remotely:

• Use the File | Export command in the Outlook VBA environment
to export modules as .bas, .cls, or .frm files.

• Copy the VbaProject.otm file from the machine on which the
macros were written to other users’ machines, replacing any existing
VbaProject.otm file.

• Use the Office Profile Wizard (Proflwiz.exe) to distribute the VBA
project.


For more information on these techniques, see the article “To Distribute
Microsoft Outlook VBA Code to Other Users.” ■

InstantDoc ID 142687

The search experience in Microsoft SharePoint has improved
continually throughout the product's more than 10-year lifetime.
This is just as well. Otherwise, SharePoint would stand
no chance of supporting the needs of end users in today’s world of
information ubiquity.

The information explosion, ever-increasing business pace, and user 
expectations place many challenges on search engines. Fortunately, 
SharePoint provides a feature that many people refer to as faceted 
search. Also known as a search refiner, faceted search enables users to 
navigate search results in an intuitive and context-sensitive way so that 
they can more quickly find the information that they’re looking for. 

The Importance of Search 

Everyone engages in searching—frequently. However, too much 
search activity indicates that the information you seek isn’t easily 
findable. Extrapolating this issue leads to the conclusion that you 
aren’t exploiting your company’s intellectual capital to its fullest. 
When this happens, end-user productivity is affected. Not only do 
users end up frustrated, but they can never be 100-percent confident 
that the information they’re working with is truly the best and most 
relevant for the task at hand. 

Users often reach for that search box in high anticipation of 
quickly finding relevant information, only to have their expectations 
instantly buried in an avalanche of search results that appear to have 
little connection to their quest. This leads to disappointment and
mistrust of the search system. The end user’s view: “I asked you
to find something relevant, and you can’t even do that one simple
thing!” (to paraphrase a line from the film Superman 3).

But fixing this problem isn’t simple. Ensuring that the absolute 
best information is returned to a search query is difficult for many 
reasons: 

• Volume and scope of information sources. Your information assets
tend to be very large and spread out through multiple repositories,
so finding the best answer is usually akin to finding a needle
in a haystack.

• Highly structured to highly unstructured information sources.
This challenge essentially relates to how well your information
assets can be identified via metadata (i.e., data that describes
the information, such as who the author is, to which project the
information belongs, when the information was created, and so
on). Some information strictly adheres to a known taxonomy,
other information tends to have partial metadata that might or
might not adhere to a taxonomy, and still other information has
no metadata at all associated with it.

• Non-exhaustive content. Your information assets are not just 
contained within documents. Tacit knowledge abounds, so search 
results should also consider the people that have the knowledge 
you seek. Information sources external to your organization might 
also be able to help users achieve their goals. 

• Relevance requires a context. If the context in which the search
query is executed is not understood, then returning the best information
is almost impossible. Often, no context is given for the
search: Users simply enter some keywords into a search box and
expect the best.

• User context is generally unknown. This challenge is similar to
the previous one but refers more to implicit context that’s based
on who the user is. Users expect results that are relevant to
them, so different results need to be returned for different people.
For example, if an engineer searches for drawings, then returning
engineering drawings is relevant—whereas the same search by a
painter should return works by artists.

• Ambiguous and incomplete query terms. Users expect the search 
engine to find the right thing and therefore often enter minimal 
terms in the query request. Users also might struggle to determine 
the best terms to enter and might have issues such as not knowing 
how certain assets are named in the system. For example, users’ 
first names and surnames can often be difficult to enter correctly. 
All this makes it even more difficult for the search engine to return 
the best information. 

Given these challenges, search should not be viewed as something 
that always delivers the right results the first time. Rather, it should 
be viewed as an interactive utility that guides the user through the 
information jungle to the appropriate destination, in as few clicks 
as possible. Successfully tackling such issues is key to ensuring that 
search aids information-worker productivity rather than being seen 
as a barrier and that search becomes a valuable business tool that can 
be relied on and used to achieve better business outcomes. 

With this in mind, let’s take a look at how refiners and the 
Refinements Web Part deliver functionality that can lead users to 
their destinations, without frustration. 

Refiners 

Refiners (aka faceted search) are a key feature that lets users
further navigate the search result set by using what are essentially
smart filters or groupings. Refiners are typically presented
in the left navigation area of the search results page by using the
Refinements Web Part. Refiners facilitate the idea of a conversational
user experience.

Refiners are determined dynamically, based on the returned result
set, the calling user, and the search results page. In Figure 1, you can
see three Refiners—Result Type, Site, and Author—displayed at the
left side of the page. More refiners, such as Modified Date and Wiki
Categories, are presented further down the page.

Figure 1: SharePoint search results showing search refiners in the left column

The dynamic nature of refiners can be understood best by looking
at the Result Type refiner that Figure 1 shows. Here, you can
see the ability to further filter the result set by either Microsoft
Word or Excel. This tells you that only Word and Excel items
were returned in the search results. If, for example, a Microsoft
PowerPoint document was returned, then you’d also see an option
to filter by PowerPoint.

You can navigate further into some of the refiners, such as the Site
refiner that Figure 1 shows. Here, you can see that we have navigated
into the www.nut2craic.com namespace and found three site collections
within. This information tells you that the result set came from
only these three site collections. Therefore, you can home in on the
content you seek with a few clicks.

Tags that users have used to mark content can also be used as
refiners. This approach lets you navigate the result set to find pages
that are being tagged by the whole community. Such pages are
usually wonderful candidates for relevant content because it is the
community that is ultimately surfacing them in the search results.
How very social!

When you click a refiner value, the search results page is called,
with suitable query terms that ensure that only the refined content is
returned. The “r” query string is used to pass the desired refiner to the
query. As an example, the following URL is associated with the Excel
refiner that’s shown in Figure 1:

http://www.nut2craic.com/Pages/results.aspx?k=harp&r=fileextension="odc" fileextension="ods" fileextension="xls" fileextension="xlsb" fileextension="xlsm" fileextension="xlsx"

The Refinements Web Part 

Refiners are displayed via the Refinements Web Part. The configuration
of this Web Part determines which refiners are listed for the current
result set. The XML that’s associated with the Web Part is used
to define filter categories, which are mapped to SharePoint managed
properties that are in the search index or to managed metadata that
is defined in the SharePoint Managed Metadata service. Through this
XML, you can control how to determine the displayed refiners, how
many refiners are displayed within each category, and so on. You can
also define how to associate items that match the search query and
a particular filter category. For example, the filter category for Result
Type indicates that the file extension managed property should be
used and that extensions that are equal to xlsx, xlsm, and so forth,
should be included in the Excel category. (We’ll discuss how to view
the default XML that defines such filter categories in a moment.)

The XML can also perform relative calculations on the value of a
managed property to determine its filter category. For example, the XML
for the Modified Date filter category instructs SharePoint to calculate
the number of days that have passed since the Write managed property
was last updated in order to determine whether the item should appear
in the Last Week, Last Month, or Last Year filter category. Listing 1
shows some sample XML for the Modified Date category.

Listing 1: Sample XML for the Modified Date Category

<Category Title="Modified Date" Description="When the item was last updated"
    Type="Microsoft.Office.Server.Search.WebControls.ManagedPropertyFilterGenerator"
    MetadataThreshold="5" NumberOfFiltersToDisplay="6"
    MaxNumberOfFilters="0" SortBy="Custom"
    ShowMoreLink="True" MappedProperty="Write"
    MoreLinkText="show more" LessLinkText="show fewer">
  <CustomFilters MappingType="RangeMapping" DataType="Date"
      ValueReference="Relative" ShowAllInMore="False">
    <CustomFilter CustomValue="Past 24 Hours">
      <OriginalValue>-1..</OriginalValue>
    </CustomFilter>
    <CustomFilter CustomValue="Past Week">
      <OriginalValue>-7..</OriginalValue>
    </CustomFilter>
    <CustomFilter CustomValue="Past Month">
      <OriginalValue>-30..</OriginalValue>
    </CustomFilter>
    <CustomFilter CustomValue="Past Six Months">
      <OriginalValue>-183..</OriginalValue>
    </CustomFilter>
    <CustomFilter CustomValue="Past Year">
      <OriginalValue>-365..</OriginalValue>
    </CustomFilter>
    <CustomFilter CustomValue="Earlier">
      <OriginalValue>..-365</OriginalValue>
    </CustomFilter>
  </CustomFilters>
</Category>
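
How the relative ranges in Listing 1 sort results into filters, as an added Python example (not code from the article or from SharePoint). It assumes each bound is a day offset from today, that an empty side of ".." is open-ended, and that bounds are inclusive; the function names and the sample results are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import date

# Constructed copy of the <CustomFilters> node from Listing 1.
CUSTOM_FILTERS_XML = """
<CustomFilters MappingType="RangeMapping" DataType="Date"
               ValueReference="Relative" ShowAllInMore="False">
  <CustomFilter CustomValue="Past 24 Hours"><OriginalValue>-1..</OriginalValue></CustomFilter>
  <CustomFilter CustomValue="Past Week"><OriginalValue>-7..</OriginalValue></CustomFilter>
  <CustomFilter CustomValue="Past Month"><OriginalValue>-30..</OriginalValue></CustomFilter>
  <CustomFilter CustomValue="Past Six Months"><OriginalValue>-183..</OriginalValue></CustomFilter>
  <CustomFilter CustomValue="Past Year"><OriginalValue>-365..</OriginalValue></CustomFilter>
  <CustomFilter CustomValue="Earlier"><OriginalValue>..-365</OriginalValue></CustomFilter>
</CustomFilters>
"""

# Constructed search results: (title, last-modified date), i.e. the Write property.
TODAY = date(2012, 7, 1)
SAMPLE_RESULTS = [
    ("harp-tuning.docx", date(2012, 7, 1)),
    ("harp-prices.xlsx", date(2012, 6, 27)),
    ("harp-history.docx", date(2012, 6, 10)),
    ("harp-makers.xlsx", date(2012, 2, 1)),
    ("harp-archive.docx", date(2010, 5, 1)),
]


def parse_range(text):
    """Split 'lo..hi' into two day offsets; an empty side means unbounded (None)."""
    lo, sep, hi = text.strip().partition("..")
    if not sep:
        raise ValueError(f"not a lo..hi range: {text!r}")
    return (int(lo) if lo else None, int(hi) if hi else None)


def load_filters(xml_text):
    """Return [(filter name, (lo, hi)), ...] in the order the XML lists them."""
    root = ET.fromstring(xml_text)
    if (root.get("MappingType"), root.get("ValueReference")) != ("RangeMapping", "Relative"):
        raise ValueError("only relative RangeMapping filters are handled here")
    return [(cf.get("CustomValue"), parse_range(ov.text))
            for cf in root.findall("CustomFilter")
            for ov in cf.findall("OriginalValue")]


def matching_filters(filters, modified, today):
    """Names of every filter whose range contains the item's age in days."""
    offset = (modified - today).days  # 0 for today, negative for the past
    return [name for name, (lo, hi) in filters
            if (lo is None or offset >= lo) and (hi is None or offset <= hi)]


def refiner_counts(filters, results, today, metadata_threshold=5):
    """Per-filter hit counts, or {} when the result set is below MetadataThreshold."""
    if len(results) < metadata_threshold:
        return {}
    counts = {}
    for _title, modified in results:
        for name in matching_filters(filters, modified, today):
            counts[name] = counts.get(name, 0) + 1
    # Keep the order of the XML and drop filters that matched nothing.
    return {name: counts[name] for name, _ in filters if name in counts}


if __name__ == "__main__":
    for name, hits in refiner_counts(load_filters(CUSTOM_FILTERS_XML),
                                     SAMPLE_RESULTS, TODAY).items():
        print(f"{name}: {hits}")
```

Because the "Past ..." ranges are all open-ended toward today, they nest: a document modified four days ago is counted under Past Week, Past Month, Past Six Months, and Past Year at once.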


Configuring and Customizing the Refinements Web Part 

To view the default XML for the configuration of the refiners on the
Refinements Web Part, edit the Web Part and view the contents of
the Filter Category Definition text box in the Refinement section, as
Figure 2 shows.

Figure 2: Viewing XML for refiner configuration



As an example of how to add your own refiners, suppose that
you’ve added a custom property called Instrument to various items
in your body of indexed information. Furthermore, you’ve configured
this property to be a managed property (using SharePoint Central
Administration or Windows PowerShell), so it can be used as part of a
search query (amongst other things). If you wanted to use the different
values of this property as a single filter and display these values in
alphabetical order on the search results page, you’d replace the default
XML with the code that Listing 2 shows. (Note that if you wanted to
add the values as an extra filter rather than as a single filter, then you
would simply insert the <Category> node into the existing XML.)

Listing 2: Code to Use and Display Property Values as One Filter

<?xml version="1.0" encoding="utf-8"?>
<FilterCategories>
  <Category Title="Instrument" Description="Type of instrument"
      Type="Microsoft.Office.Server.Search.WebControls.ManagedPropertyFilterGenerator"
      MetadataThreshold="5" NumberOfFiltersToDisplay="10"
      MaxNumberOfFilters="0" SortBy="Name"
      SortDirection="Ascending" SortByForMoreFilters="Name"
      SortDirectionForMoreFilters="Ascending" ShowMoreLink="True"
      MappedProperty="Instrument" MoreLinkText="show more"
      LessLinkText="show fewer"/>
</FilterCategories>


The Category node defines each filter. You can apply many attributes 
to the Category node of the XML, to control how the refiners within the 
filter are displayed. These attributes refer to properties that you can set 
on a Filter Category WebControl object (see TechNet for more details). In 
the code sample in Listing 1, these attributes are the most important: 

• Type. This attribute controls what is used to determine the contents
of the filters; in this case, ManagedPropertyFilterGenerator.
Developers can add other filter types. Some, such as
TaxonomyFilterGenerator for managed metadata, are available
out of the box.

• MetadataThreshold. This attribute controls the minimum number
of items that need to be returned in the search results before the
refiner will activate.

• NumberOfFiltersToDisplay. This attribute controls the number
of filters to display in this filter category. If more filters are available,
then a More link is shown—so long as the ShowMoreLink
property is set to True.

• SortBy and SortDirection. These attributes control the sort order
of the displayed filters. SortBy can be one of these: Frequency,
NumericValue, Name, or Custom.

• MappedProperty. This attribute controls the managed property
that is to be used to build the list of filters for this filter category.


An example of such a Refinements Web Part can be seen in Figure 3.
Note the single category of refiners with individual values, shown from
the Instrument property.

Figure 3: The Refinements Web Part
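
A pre-flight check for XML before it is pasted into the Filter Category Definition text box, as an added Python example (not the article's or SharePoint's code). The known-attribute list comes only from Listings 1 and 2, the required attributes and the Descending sort direction are assumptions, and both sample documents are constructed.

```python
import xml.etree.ElementTree as ET

# Attribute names seen in Listings 1 and 2 of this article. SharePoint accepts
# others, so an unknown name is reported as a warning, not an error.
KNOWN_ATTRS = {
    "Title", "Description", "Type", "MetadataThreshold",
    "NumberOfFiltersToDisplay", "MaxNumberOfFilters", "SortBy",
    "SortDirection", "SortByForMoreFilters", "SortDirectionForMoreFilters",
    "ShowMoreLink", "MappedProperty", "MoreLinkText", "LessLinkText",
}
REQUIRED = ("Title", "Type", "MappedProperty")  # assumption: set in both listings
INT_ATTRS = ("MetadataThreshold", "NumberOfFiltersToDisplay", "MaxNumberOfFilters")
SORT_BY = {"Frequency", "NumericValue", "Name", "Custom"}  # values the article lists
DIRECTION = {"Ascending", "Descending"}  # "Descending" is an assumption
ENUMS = {
    "SortBy": SORT_BY, "SortByForMoreFilters": SORT_BY,
    "SortDirection": DIRECTION, "SortDirectionForMoreFilters": DIRECTION,
    "ShowMoreLink": {"True", "False"},
}

GENERATOR = "Microsoft.Office.Server.Search.WebControls.ManagedPropertyFilterGenerator"

# Constructed sample: Listing 2 as printed.
GOOD_XML = f"""<?xml version="1.0" encoding="utf-8"?>
<FilterCategories>
  <Category Title="Instrument" Description="Type of instrument" Type="{GENERATOR}"
      MetadataThreshold="5" NumberOfFiltersToDisplay="10" MaxNumberOfFilters="0"
      SortBy="Name" SortDirection="Ascending" SortByForMoreFilters="Name"
      SortDirectionForMoreFilters="Ascending" ShowMoreLink="True"
      MappedProperty="Instrument" MoreLinkText="show more" LessLinkText="show fewer"/>
</FilterCategories>"""

# Constructed sample with four mistakes: no MappedProperty, a non-numeric
# threshold, an unsupported SortBy value, and a mistyped attribute name.
BAD_XML = f"""<FilterCategories>
  <Category Title="Instrument" Type="{GENERATOR}"
      MetadataThreshold="five" NumberOfFi1tersToDisplay="10"
      SortBy="Alphabetical" ShowMoreLink="True"/>
</FilterCategories>"""


def lint_filter_categories(xml_text):
    """Return a list of (severity, message) findings; an empty list means clean."""
    try:
        # Bytes input lets the parser honour the encoding in the XML declaration.
        root = ET.fromstring(xml_text.strip().encode("utf-8"))
    except ET.ParseError as exc:
        return [("error", f"not well-formed XML: {exc}")]
    findings = []
    if root.tag != "FilterCategories":
        findings.append(("error", f"root is <{root.tag}>, expected <FilterCategories>"))
    for cat in root.iter("Category"):
        name = cat.get("Title", "?")
        for attr in REQUIRED:
            if not cat.get(attr):
                findings.append(("error", f"{name}: missing {attr}"))
        for attr in INT_ATTRS:
            value = cat.get(attr)
            if value is not None and not (value.isascii() and value.isdigit()):
                findings.append(("error", f"{name}: {attr}={value!r} is not a whole number"))
        for attr, allowed in ENUMS.items():
            value = cat.get(attr)
            if value is not None and value not in allowed:
                findings.append(("error", f"{name}: {attr}={value!r} not in {sorted(allowed)}"))
        for attr in sorted(set(cat.attrib) - KNOWN_ATTRS):
            findings.append(("warning", f"{name}: attribute {attr} not seen in the listings"))
    return findings


if __name__ == "__main__":
    for severity, message in lint_filter_categories(BAD_XML):
        print(f"{severity}: {message}")
```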



The Refinements Web Part also supports Extensible Stylesheet
Language (XSL) to transform the display. Therefore, you can modify
the XSL to modify the default display so that it suits your needs. You
can access the XSL via the Data View Properties of the Web Part, as
Figure 2 shows. For example, you could replace the textual description
of the filter categories with something more exotic, such as an
animated image, to liven up your search results page. Figure 4 shows a
sample of such an exotic page. (Obviously, it isn’t animated!)

Figure 4: Livening up filter-category descriptions


Helping You Help Users 

SharePoint Server 2010 delivers many search features that can help 
you navigate the large bodies of information that typically are found 
in many enterprises. Many new features help you tailor the search 
experience to meet your business needs. The Refinements Web Part 
is one example and can help you simply and effectively lead users to 
the information that they’re looking for. ■ 

InstantDoc ID 142490

for IT Pros


BUMI's Latest Cloud Backup & Recovery Service 

BUMI (Backup My Info!) announced the availability of the latest version
of its online data backup and recovery solution. The updated
BUMI solution now includes expanded integration with NetApp storage
solutions, increased performance for VMware backups, support
for Mac OS X Lion and OS X Snow Leopard, and an enhanced Network
Operations Center for improved visibility and better control over
customers’ backup environments. Key features of the new release
include NetApp API Level Integration, VMware 4.1 via vSphere APIs
for Data Protection (VADP), and DS-NOC, a new Network Operations
Center. The latest BUMI release was automatically deployed for
all existing BUMI clients and is currently available to all new clients
signing up for BUMI’s online data backup and recovery solution. For
more information about BUMI’s products and services, please visit
the BUMI website.

Harmon.ie Targets the iPad 

Harmon.ie unveiled harmon.ie for iPad, the first-ever product to bring
Microsoft SharePoint document collaboration and social interactions
to the iPad. The mobile business community can now easily and
securely share documents, get real-time document and colleague-status
updates, and connect with colleagues anywhere, anytime.
Users can work on a presentation from their desktop, drag and drop
it to SharePoint, and send a link to colleagues using harmon.ie in
Microsoft Outlook or IBM Lotus Notes. Then, using the iPad, they
can see document updates from colleagues while on the go. They can
access the latest version of the document, edit it, and share it with
the team when they’re back online. The team will receive a real-time
update once the revised document is uploaded. Harmon.ie for iPad
costs $19.99 and is available at the Harmon.ie website.


SlimWare Utilities Offers Free PC Cleaning and Optimization

SlimCleaner 3.0 includes a new suite of Disk Tools to manage the
amount of space taken up by files and secure the contents of various
drives. The new Disk Tools in SlimCleaner 3.0 are designed to keep
all drives—including internal hard drives, external drives, and flash
drives—secure and clear of clutter. The Disk Tools tab is accessible
from SlimCleaner’s home screen and includes a Disk Summary, Disk
Analyzer, Disk Wiper, and Shredder. Squarely benefiting Ultrabook
users, Disk Analyzer provides a visual display of a PC’s hard drive so
that users can analyze the contents and easily identify what’s taking
up disk space. Disk Summary shows the amount of space available on
a PC’s disks. Drive Wiper is a clean-up tool that overwrites the raw
sectors of a drive with random data to securely erase data that users
would like to dispose of. A shredder, with up to 35 overwrite passes, is
also part of the Disk Tools section in SlimCleaner 3.0. For more information
about SlimCleaner, please visit the SlimWare Utilities website.


Panorama9 Simplifies IT Managers' Lives 

Panorama9 announced the launch of a web-based dashboard that manages
IT services for small-to-midsized businesses (SMBs). Panorama9
brings IT management to the cloud to help SMBs cut their IT costs
while keeping their networks, services, and devices running at peak
performance. Panorama9 takes minutes to install and cuts the time
spent on administrative tasks—such as patching, inventory, and
distribution—in half. An easy-to-use dashboard offers a comprehensive
view for the IT pro, with real-time tracking and alerts on company
assets, IT availability, security vulnerabilities, non-compliant systems,
and more. The company also launched a new patch-management
feature to take the complexity out of managing the endless array of
critical updates across all devices, applications, and OSs in an IT
environment. Panorama9 is a subscription-based service with tiered
pricing plans starting at $99 per month. For more information, check out
the Panorama9 website.



Intel Introduces Cloud-Based Identity Solution 

Intel announced that Intel Cloud SSO, a cloud-based Identity and
Access Management as a Service (IAMaaS) solution, is now delivered
on Force.com, Salesforce.com’s social enterprise platform. The solution
will help enterprise users utilize their Salesforce credentials to access
popular cloud applications. Single sign-on (SSO) from Force.com provides
seamless access to applications, such as Box.com, Cisco WebEx,
Google Apps, and Salesforce, improving end-user convenience and
increasing security while reducing the number of passwords required.
Enterprises can rely on Intel Cloud SSO to deliver IAM functions in the
cloud; provision, synchronize, and de-provision access to thousands of
cloud applications; address security concerns with two-factor mobile-based
strong authentication; and deliver comprehensive reporting and
auditing features to comply with regulatory requirements. For more
information, visit the Intel Identity website.




Flexera Software Announces New AdminStudio Virtual 
Desktop Assessment Tool 

Flexera Software announced the launch of AdminStudio Virtual Desktop
Assessment, which accelerates enterprises’ migration to user-centric
computing and a virtual desktop infrastructure (VDI) while
reducing the cost of achieving desktop virtualization objectives.
Although VDI promises to yield substantial cost savings and dramatically
improve IT resource utilization, migrating to virtual desktops is
a time-consuming, costly, and risky undertaking. To maximize the
likelihood of virtualization success, all VDI projects should be supported
with a thorough assessment of users’ current application usage
and likelihood of success. AdminStudio Virtual Desktop Assessment
provides essential, vendor-agnostic planning automation capabilities.
An easy-to-install virtual appliance monitors key system behaviors of
computers, users, and applications, gathering a complete application
inventory, and collecting in-depth information on each application,
such as CPU performance, online/offline access, input/output, and
memory utilization, to reveal virtualization suitability and the complexity
of virtualizing that application. For more information, visit the
Flexera website.

Smith Micro Announces NetWise Passport 

Smith Micro Software announced NetWise Passport, an application
control solution for mobile devices. Extending Smith Micro’s intelligent
traffic-management solution, NetWise Director (formerly Mobile
Network Director), NetWise Passport equips wireless operators with
policy management tools to shape bandwidth consumption based on
application usage. Unauthorized and inefficient applications present a
serious threat to mobile network performance and stability. The patent-pending
NetWise Passport solution gives operators more control over
how applications can access their networks, reducing exposure from
inefficient applications that can adversely affect the subscriber experience.
The client-based policy controls help carriers provide more
value to users and manage bandwidth consumption while keeping
away threats from unmanaged applications and devices. For more
information, see the Smith Micro Software website. ■


WWW.WINDOWSITPRO.COM 


Windows IT Pro / July 2012 





New & Improved 




PAUL’S PICKS 


www.winsupersite.com 



SUMMARIES of in-depth product reviews on 
Paul Thurrott's SuperSite for Windows 




HTC Titan II 

PROS: Windows Phone 7.5 OS; LTE; excellent 
camera 

CONS: Bulky; big form factor; expensive 
RATING: ★★★☆☆ 
RECOMMENDATION: Had the HTC Titan II
shipped as part of the launch wave of
Windows Phone 7.5 devices late last year, it
most likely would have been the creme de la
creme. However, coming now as it does in the
wake of the excellent Nokia Lumia 900, the
Titan II suffers by comparison but for one truly
redeeming feature: It has the best camera I've
ever seen on a Windows Phone handset, and
although it falls a bit short of the lofty standard
set by Apple's incomparable iPhone 4S,
it's still a stunner. The camera features 16
megapixels of resolution, about twice that
offered by any other smartphone, excellent
optics, and, as important on Windows Phone,
where such things are left to the device
maker, a truly useful set of picture-taking
modes and options that includes panorama
and intelligent automatic shooting. Beyond
this, the Titan II is mostly uninteresting: It
has LTE compatibility—a requirement, in my
opinion—and a very large body with a huge
4.7-inch screen that some will find unwieldy.
Ultimately, the Titan II is a decent Windows
Phone handset. But with the Lumia 900 in the
market, these days decent isn't enough.
CONTACT: HTC 

Full Review 

SkyDrive App Beta 

PROS: Simple access to SkyDrive data; 

Remote Fetch 

CONS: Can't determine which parts of SkyDrive
are synced; can't sync to multiple locations
on a PC; no remote desktop functionality
RATING: ★★★☆☆
RECOMMENDATION: Microsoft is killing
off its Windows Live brand, and although it
hasn't explicitly said so, all indications are
that it will be killing off its Windows Live
Mesh service, replacing it with the new
SkyDrive app for Windows 8, Windows 7,
and Windows Vista, currently in beta form.
SkyDrive maps your cloud-based storage to a
folder on your PC that's either synced or not
synced (there's no way to determine which
parts of SkyDrive are synced—Microsoft
tells me this is coming)—so it's an all or
nothing affair. You also can't sync folders
in SkyDrive to different parts of the hard
drive. It does provide a unique new feature
called Remote Fetch that lets you remotely
navigate through another connected PC via
a web interface. Even in its current form, it
offers what users have been clamoring for: a
simple, Explorer-based method of accessing
SkyDrive from a Windows-based PC.
CONTACT: Microsoft 

Full Review

Drobo B1200i

Recently I visited an office lacking network disk space, but found
its storage system had empty drive bays. Perplexed, I talked to
an overburdened IT administrator, who was frustrated with
the file storage system because it was difficult to configure and provision.
An office such as this could benefit from investigating the Drobo
B1200i.

Rising above the small office/home office (SOHO) market and just
below the enterprise market for SANs is the business class Drobo
B1200i storage device. For this review, I put Drobo B1200i to the test
in a common scenario: provisioning new SAN storage space on a file
server.

To get started, I slid six included 2TB Seagate Constellation Serial
Attached SCSI (SAS) 7200rpm disks directly into the front slots of the
12-disk bay—no drive carriages or screws were required. Moving to
the rear of the unit, I found a removable expansion card with a network
management port and three clearly labeled iSCSI network ports,
as Figure 1 shows. (The device provides only iSCSI storage services.)
By default, the management port is a DHCP port, so I simply connected
it to my LAN through a Category 6 network cable. To immediately
take advantage of the storage, I used a Cat 6 network cable
to connect the iSCSI 1 port on the Drobo B1200i device to a network
card port on my Windows Server 2008 R2 server.

At that point, I just needed power, so I connected the removable
and redundant power supplies in the rear. One power supply was a
UPS. The other one was a UPS on a dedicated power circuit, which is
a common method to provide protection from UPS or circuit failure.
I powered up the 3U rack-mountable Drobo B1200i device using the
rear power switch. The unit has four rear fans in a single removable
unit and two fans in each power supply. Due to the fan noise, it’s
most at home in the data center or an isolated area for computer
systems.

Figure 1: The backside of Drobo B1200i

Figure 2: The management console for Drobo B1200i

Using a Windows 2008 R2 server (Apple Macintosh is also supported),
I installed the management console with a few clicks, then
watched it easily locate the Drobo B1200i device by searching the
network. The easy-to-use dashboard features a clickable representation
of a Drobo B1200i device, as Figure 2 shows. You use this slick
GUI to not only check the status of the storage disks but also to configure
the storage device. After I configured the IP addresses for the network
card port on the server and the iSCSI 1 port on the Drobo B1200i
device, network connectivity was established.

The best part of using Drobo B1200i was provisioning storage on the
server. I added a 2TB volume through the New Simple Volume Wizard
by selecting NTFS as the format type, choosing a
drive letter, and specifying the volume size. The management console
configured the iSCSI initiator in Windows, formatted the partition, and
automatically created the volume in Windows. Although I used NTFS,
other format types are available. Notably, the multi-host format type
is available for virtualization servers (e.g., VMware vSphere, Citrix
Systems XenServer), and the HFS+ format type is available for Macs.

Drobo B1200i automatically manages storage. It aggregates all
available storage into a single thin provisioned storage pool in order
to allow overprovisioning of disk space. If you reach the maximum
storage capacity, you can simply add more drives or add larger drives
to the storage pool. Drobo B1200i doesn’t perform deduplication.

The ease with which you can expand storage capacity as well as
recover from a failure is impressive. In my testing, I added a few
consumer-grade drives to the storage mix. One failed soon afterward
and another was too small for production use, so I swapped them
both out with 2TB drives. Drobo’s proprietary BeyondRAID technology,
which is configured to protect from two-drive failures by default,
rebuilt the data protection for the array and expanded the drive space
at the same time. No configuration was necessary.

Drobo B1200i is appropriate for business and enterprises. It has many 
benefits for super busy IT administrators, such as user-replaceable 
modular components, easy-to-provision storage, and easy-to-expand 
storage for the growing drive needs of businesses. ■ 

InstantDoc ID 142674 


Drobo B1200i 


PROS: Quick setup and expandability; excellent disk and power supply
redundancy; multiplatform support; easy-to-use management software;
well documented

CONS: All network interfaces on one physical card; no same-day
support options

RATING:

PRICE: $11,995 for 12TB (six 2TB hard disk drives); $14,995
for 24TB (twelve 2TB hard disk drives); $17,995 for 18TB (nine
2TB hard disk drives); $17,995 for 600GB (three 200GB solid
state drives)

RECOMMENDATION: Setting up a SAN can be difficult, but
the Drobo can be installed by IT pros in an afternoon. It
features redundancy where it's most needed—in disks and
power supplies. Well documented, it's a truly expandable
system that's appropriate for virtualization environments,
file servers, disk-to-disk backup storage, and more.
Support for Mac, VMware, Linux, and multiple versions
of Windows rounds out this versatile SAN.

CONTACT: Drobo - 866-997-6268 or 408-276-8400

New computing trends such as virtualization, the private cloud,
big data, and mobile computing have changed the IT landscape
quicker in the past couple of years than it has ever changed before.
These trends have also fueled an explosion in data storage requirements.
The HP X5520 G2 Network Storage System is designed to address the
storage concerns of medium- and large-sized organizations.

Dissecting the System 

The HP X5520 G2 is a two-node, active/active mid-range NAS cluster 
with shared storage. The fact that it’s a two-node appliance means it 
has two X5460sb server blades in the chassis. Each server blade has 
one Intel Xeon quad-core E5620 processor. The X5520 G2 comes standard 
with 48GB Double Data Rate 3 (DDR3) Registered Error-Correcting 
Code (ECC) RAM. The RAM is divided into 24GB per X5460sb server 
blade, and the unit supports a maximum of 348GB per server. The 
X5520 G2 is delivered in a 3U chassis. Internally, it can provide up 
to 32TB of storage capacity and is expandable to more than 100TB 
externally by using HP D2000 Disk Enclosures. For connectivity, the 
X5520 G2 provides two 10 Gigabit Ethernet (GbE) NC553i FlexFabric 
ports per controller. In addition, there are two 1GbE ports per 
controller and one 1GbE NC382m multifunction port per controller. You 
can see a picture of the HP X5520 G2 in Figure 1. 


Figure 1: HP X5520 G2 Network Storage System 

The HP X5520 G2 is delivered as an appliance, which essentially 
means that the OS is preinstalled. The system that I tested came with 
Windows Storage Server 2008 R2 SP1, Enterprise x64 Edition, 
preinstalled and activated. Windows Storage Server 2008 R2 provides a 
number of advanced storage-management features, including: 

• File deduplication, which can recover up to 40 percent of disk 
space 

• File Classification Infrastructure, which enables context-based 
security 

• Support for functioning as a hosted BranchCache server, which 
provides efficient remote-office support 

• Support for user storage quotas 

• Storage reporting 

The HP X5520 G2 supports both file and block access, allowing 
it to function as a NAS device and as an iSCSI SAN. It supports the 
Common Internet File System (CIFS), Server Message Block (SMB), 
NFS, iSCSI, HTTP, FTP, and WWW Distributed Authoring and 
Versioning (WebDAV) protocols and can be used as an iSCSI target. 
The Windows Storage Server 2008 R2 iSCSI Software Target provides 
block-level storage as disk volumes, which can be mounted by any 
client running an iSCSI initiator. The iSCSI target uses space that’s 
allocated as Virtual Hard Disks (VHDs) within the HP X5520 G2. This 
provides a simplified model for storage management. 

Getting the System Up and Running 

With the system weighing in at about 190 pounds, installing the HP 
X5520 G2 is definitely a two-person job. Connections for the server 
were a bit different from a standard rack-mount server. The power 
button is in the back, showing that the unit is really meant for 
hands-off operations. Notably, there are no keyboard, mouse, VGA, or 
USB ports on the back of the HP X5520 G2. Likewise, the unit doesn’t 
have a built-in DVD drive. To connect a monitor and keyboard to the 
unit, you use a multifunction port that provides two 9-pin VGA 
connectors (one male and one female) and two USB ports. 

Figure 2: Initial Configuration Tasks window 

The initial power up is performed by pressing the power button in 
the back of the unit. The initial setup of the appliance is performed 
through HP’s Integrated Lights-Out (iLO) out-of-band management 
technology. Like most small form factor units, the system is loud and 
should be run in a noise enclosure. 

After initially powering up the chassis, each node needs to be 
powered up using the iLO console. Then, you can connect to one of 
the nodes through the iLO console, where you can use the Set Up 
Wizard to perform the initial server configuration. The first startup 
configuration allows you to configure basic connectivity such as the 
networking requirements. After the initial configuration, the system 
reboots and the HP Initial Configuration Tasks window is displayed. 
You can see the Initial Configuration Tasks window in Figure 2. 

To complete the setup, you basically step through each of the 
different tasks. The first few tasks prompt you for each node’s 
networking configurations, the time zone, and some basic cluster 
information. After completing the Provide cluster name and domain 
task, both nodes will reboot. The remaining tasks include creating 
the two-node cluster and deploying one or more file servers on it. 
Overall, setup was simple, especially considering that I was 
configuring a two-node cluster that contained highly available file 
servers. The setup process took about an hour to go from power up to 
file-serving availability. 

I tested the system both as a NAS device (file access) and as an 
iSCSI target (block access). The system functioned flawlessly for both 
types of roles. 

As a NAS device, it fit right in with my existing Windows 
infrastructure. Clients connected to the client access point 
configured in the wizard, and the file shares were all highly 
available and protected by the built-in Windows Storage Server 
failover clustering. The file deduplication capabilities worked as 
advertised. 

As an iSCSI target, I found that the HP X5520 G2 was fully compatible 
with Hyper-V’s Live Migration. The system consumed about 
120.9 watts while it was running and active. 

A Great Storage Solution 

The HP X5520 G2 is a great storage solution. Because the Windows 
Storage Server 2008 R2 OS is preinstalled, the HP X5520 G2 can be 
deployed very rapidly. Built-in clustering provides high availability, 
and the OS’s ability to perform deduplication provides significant 
storage savings and efficiency. The HP X5520 G2’s ability to provide 
both file and block access enables it to be flexible enough to handle all the 
storage requirements of medium- and large-sized businesses. ■ 

InstantDoc ID 142823 


HP X5520 G2 Network Storage System 

PROS: Rugged construction; excellent price/performance ratio; very 
flexible storage capabilities; built-in high availability; easy setup 

CONS: Rear-mounted power button difficult to access; front-mounted 
keyboard and VGA attachment didn't fit well in my rack 

RATING: 

PRICE: Starts at $30,229 (tested configuration: $30,229) 

RECOMMENDATION: The HP X5520 G2 is a great choice for businesses 
looking to add highly available file shares or iSCSI storage to their 
infrastructure. 

CONTACT: HP - 800-752-0900 or 650-857-1501 

Harmon.ie for SharePoint, Outlook Edition 

There’s a plethora of add-ons for Microsoft Outlook that claim to 
make working with Microsoft SharePoint easier. In my experience, 
many of them leave much to be desired, so I was keen to 
try Harmon.ie for SharePoint, Outlook Edition, to see if it could step 
up to the challenge of providing seamless SharePoint integration. 

Accessing SharePoint documents can be a challenge for new users. 
Although it’s possible to go through the SharePoint team site, I’ve 
always felt that you should be able to directly access them through 
Microsoft Office and Windows. Harmon.ie does this by giving users 
a single-pane view of SharePoint workspaces in the Outlook UI. As 
Figure 1 shows, the pane includes a Documents tab, where users can 
find, work on, and share SharePoint documents, and a People tab, 
where users can find, get information about, and collaborate with 
other SharePoint users. In addition, Harmon.ie lets users save and 
manage their email messages on SharePoint. 

Installing and Setting Up the Add-On 

Harmon.ie is easy to install and can be distributed using Group Policy 
Software Installation, Microsoft System Center Configuration Manager 
(SCCM), or a similar product. SharePoint sites can be preconfigured 
in Harmon.ie to get users up and running quickly. As part of its 
mission to increase SharePoint adoption, Harmon.ie provides 
administrators with reports on SharePoint usage, which are based on data from 
SharePoint, Outlook, and Microsoft IIS logs. 

I tested Harmon.ie with Microsoft Office 365, and adding my site 
was relatively easy. I was stumped for a while on which authentication 
method was needed, which turned out to be Use browser authentication 
instead of entering my Office 365 username and password directly into 
Harmon.ie. It would have been nice if the dialog box had given a hint 
about the correct authentication method to choose. 

Harmon.ie adds a delay to the Outlook startup time, but this is only 
really noticeable the first time you start Outlook every day, before 
the binaries are cached for faster launching. More important, 
Harmon.ie doesn’t render Outlook unstable, which can be a concern when 
working with third-party add-ons. 



Figure 1: The Harmon.ie pane in Outlook 


Working with Documents 

After adding the Office 365 site, I tried to upload a folder via Harmon.ie 
and received an error message that said uploading a folder isn’t allowed. 
Although you can map a network drive to SharePoint and upload a 
folder that way, you need to know what you’re doing. I had hoped 
that Harmon.ie might make the process easier. 

Searching documents worked well, although the requirement to 
click the Search button (or press Enter) to start the search seemed 
a little antiquated considering how the search functionality on the 
Windows Start menu works as you type. A nice touch is the docu¬ 
ment preview at the bottom of the Harmon.ie pane. It saved me from 
having to open documents to check their contents. 

Harmon.ie’s Documents tab gives information about each document in 
a SharePoint library, including when it was last modified and by whom. 
The view can be filtered to show only checked-out documents. The 
drag-and-drop functionality is handy; it works from both Windows 
Explorer and Outlook. Cut and paste operations can also be performed 
using the context menu. The Favorites functionality lets users follow 
a SharePoint library so that their Harmon.ie feed will display changes 
to existing documents and notify them if new items are added to the 
library. Finally, there’s integration with Microsoft Office 
Communications Server (OCS) and Microsoft Lync so that users can 
initiate calls or chat sessions. 

WWW.WINDOWSITPRO.COM 

Windows IT Pro / July 2012 107 

Harmon.ie for SharePoint, Outlook Edition 

PROS: Outlook integration makes using SharePoint easy 

CONS: Has a minor impact on Outlook performance; subscription-based 
license 

RATING: 

PRICE: $50 per user a year; volume discounts available for 100 or 
more users 

RECOMMENDATION: This solution should prove useful for any sized 
organization intending to move to SharePoint. With virtually no 
learning curve involved, Harmon.ie should make it easier for users to 
locate and work with documents and email on SharePoint. 

CONTACT: Harmon.ie - 800-624-6946 or 408-907-1339 

Working with Email 

Harmon.ie lets users decide if email messages and attachments should 
be saved to SharePoint before they’re sent. Alternatively, this setting 
can be centrally configured by system administrators. All email 
messages saved to SharePoint as well as email metadata are mapped to 
SharePoint columns to make sure the information can be searched. 

Administrators can configure Harmon.ie to automatically replace 
attachments in outgoing messages with links, which is a great way to 
save space in a Microsoft Exchange database. The whole process of 
replacing an attachment with a link and saving the data to SharePoint 
adds a slight delay when sending an email, but nothing too 
significant. Administrators can also configure Harmon.ie to 
automatically delete outgoing messages from Exchange after they’re 
sent, designating SharePoint as the main storage location for them. 

Benefits Outweigh the Slight Slowdown 

The benefits Harmon.ie provides outweigh the minor disadvantage 
of slowing Outlook a little. In the month I’ve had it installed on my 
system, there have been no crashes or problems created by the add-on. 
Because of the features built into Harmon.ie, I haven’t needed 
to visit my SharePoint team site. Considering that Outlook is where 
the majority of office workers spend most of their time, the product 
is successful in that users don’t need to leave the Outlook UI. The 
learning curve to use Harmon.ie is short. Users might need to be told 
about its drag-and-drop functionality, but otherwise it’s intuitive so 
it’s unlikely that specialized training will be needed. ■ 

Backup Appliances 

Sophisticated solutions for complex backups 


Day after day, in the cubicles of IT pros around the world, 
you’ll hear questions such as: Do we have a current backup? 
When was our last good backup? Can we restore from our 
backup? Why did the backup fail? Questions like these make backups 
one of the most discussed items in IT. 

Backups can be a painful chore, fraught with problems such as 
failed backup jobs, broken tapes, bizarre error messages, and the 
dreaded case of being unable to restore from what was supposedly a 
successful backup. To avoid such problems, IT pros are always looking 
for better ways to produce quality backups consistently, with as 
little impact to production operations as possible. 

A few decades ago, backups were simpler. You installed a tape drive, 
procured some tapes, installed backup software, and set up a single 
full-backup job to run once a day. Everything important could fit on 
one tape, and a backup could finish overnight because no one was 
working then. 

Today, backups are far more complex. Backing up directly from disk 
to another disk is common, as are tape autoloaders, robotic libraries, 
multiple backup jobs, and tight backup windows due to our “always 
on” society. Nowadays, there’s never a good time to take a backup. 

Fortunately, there are many vendors that produce backup appliances 
in an effort to remedy what ails the IT pro in the world of backups. 
I recently spoke with representatives from two such vendors—Symantec 
and NetApp—to explore their offerings and see how those 
offerings compare with traditional backup solutions. 

Symantec 

Symantec is probably one of the most well-known backup software 
vendors, offering such products as Backup Exec and NetBackup. 
Symantec aligns its backup appliances with these familiar software 
products. But how is one of these appliances a better fit than simply 
installing a copy of Backup Exec or NetBackup? 

According to Peter Elliman, a senior manager for product marketing 
at Symantec, it’s a matter of time. “Why spend time building 
your backup infrastructure when you can get a ready-made appliance? 
Building your backup structure from scratch isn’t always the 
best use of your time.” As most IT pros know, there is truth to this 
statement. Building a backup solution might not be terribly difficult, 
but building one that’s consistently reliable and that doesn’t require 
lots of babysitting can be challenging. 

“We surveyed our customers and one thing that came out was that 
people have three to seven different backup servers,” Elliman noted. 
“Customers would switch [solutions] if backup speed doubled.” Not 
only do customers want backup speed to increase, but they also want to 
reduce management time. One of the goals of the Symantec appliances is 
to reduce the amount of time spent managing backups by 80 percent. 

Aidan Finley, a product marketing manager at Symantec, expanded 
on how the Backup Exec appliance, which Figure 1 shows, can help 
customers. “You just buy the box and it has everything: software, 
hardware, and licensing, including Backup Exec 2012, which includes 
a brand-new user interface.” The appliance also includes features that 
everyone in IT is interested in these days, such as granular restoration 
of VMware virtual machines (VMs). Finley elaborated on the granular 
recovery options with an example: “In a VMware guest machine 
running Exchange, our granular recovery technology allows for 
recovery of individual mail messages.” 

Figure 1: Symantec's Backup Exec appliance 

The cloud integration of these appliances is strong, according to 
Elliman. “We support backing up to AWS and Rackspace with WAN 
acceleration, typically at a 2x improvement, but sometimes up to 10x.” 
Finley was quick to expand on some other features that make the 
appliances appealing, such as bare-metal recovery and the ability to 
back up from an HP box and restore to a Dell box, for example. “We 
also include physical-to-virtual recovery,” said Finley. “You can restore 
a physical server to a hypervisor, and our software injects the 
recovered machine right into the hypervisor. You can also replicate 
VMware machines through the appliance to the cloud.” Plus, although the 
appliances back up to disk by default, tape is still supported as an 
option for those customers who need it. 

NetApp 

What if you already have a storage vendor, and if you have duplicated 
storage stacks between two or more physical locations? Can that 
infrastructure be leveraged as a form of backup appliance? To explore 
these possibilities, I spoke with Nathan Moffitt, senior manager of 
Backup and Recovery Solutions at NetApp. 

“We have something based on a modular architecture. It’s more of 
a platform than a specific product,” Moffitt said. For example, if you 
have a NetApp Fabric-Attached Storage (FAS) system, which Figure 2 
shows, already in place, you can leverage its ability to take snapshots 
as the primary backup-and-restore method. The abilities of the NetApp 
“appliance” solution go beyond that, though. “Because we’re building 
everything off of snapshots, the backup image you have on the FAS 
system that’s being used as an appliance can be mounted,” explained 
Moffitt. “You don’t have to do a restore operation to utilize the 
backed-up data. You can spin a VM off of the snapshot and start running 
it from there. You can start utilizing data immediately and migrate to a 
production system later. It allows us to accelerate our recovery time.” 

NetApp’s platform model enables the company to partner with other 
vendors and even work in environments where the primary storage 
vendor isn’t NetApp. “In non-NetApp environments, we developed 
some software and partnered with others, such as Syncsort. Syncsort 
tracks the changes made to files on a block level and transfers the 
changes to a NetApp device,” Moffitt explained. NetApp has even 
done work to integrate the FAS system with products from traditional 
backup vendors, including Symantec. “Within the last year, we’ve 
added the ability for CommVault Simpana and Symantec NetBackup 
to utilize a FAS system for disk to disk to tape [backups], with the 
NetApp system as the primary backup storage and the tape using the 
NetApp snapshots for secondary protection.” 

For many IT organizations, however, the capabilities of the NetApp 
FAS system may go beyond the needs of the environment—and the 
budget. “In certain cases, a traditional backup appliance might be 
the way to go,” Moffitt acknowledged. “But in other cases, a flexible, 
extensible platform might be the way to go.” 


Many Appliance Solutions from Which to Choose 

Regardless of your requirements, you’ll find plenty of vendors that 
offer capable appliance solutions to fit just about any backup service 
level agreement (SLA). No matter which appliance you choose, back 
up often and make sure you test your restoration process. A backup 
is only as good as your ability to restore from it. ■ 

Network Monitoring on Mobile Devices 

Use your smartphone to monitor your company's network devices 


Have you left for work recently and accidentally forgotten your 
smartphone? No doubt you turned back to retrieve it. Our 
smartphones are no longer just devices that we use to make 
phone calls; they’ve become extensions of our daily lives. If you already 
have this mobile computing platform attached to your hip, why not 
add the capability to monitor your company’s network devices? 

This month’s Buyer’s Guide lists network monitoring solutions 
that include a mobile component. Before evaluating these solutions, 
though, you should determine your monitoring needs and the mobile- 
specific features you want. 

Determining Monitoring Needs 

Some network monitoring solutions are installed and managed 
exclusively on a platform, whereas others are platform independent. 
So, before you begin looking at network monitoring solutions, it’s 
helpful to identify the OSs you need to monitor. For example, will you 
be monitoring only Windows OSs or a mix of OSs? You should also 
identify other elements you need to monitor, such as databases, 
applications, and websites. 

Besides identifying what you need to monitor, you should consider 
the type of monitoring that’s needed. For example, do you simply 
need to monitor a website service to make sure it’s running, or do 
you need to make sure that the web page has a specific word or 
phrase published at all times? Do you want to keep track of disk 
utilization, CPU utilization, memory utilization, server uptime, 
and/or packet loss? Knowing these types of details ahead of time can 
help you narrow down the number of solutions to evaluate. 

Another consideration is how the monitoring solution keeps track of 
what’s going on within the network. There are two main approaches: 

• Remote monitoring with SNMP, Windows Management Instrumentation 
(WMI), or another technology 

• Local monitoring, where an agent is installed onto each host or device 

Remote and local monitoring have advantages and disadvantages, 
but the best solutions typically support a hybrid of both. 

With the popularity of the cloud (i.e., someone else’s data center over 
which you have limited control), some network monitoring vendors 
now offer a Software as a Service (SaaS) model for their products. The 
biggest advantage to SaaS is that you can quickly add services without 
adding more overhead to your data center. At the same time, you also 
have to consider the security implications and reliability of your Internet 
connection. Make sure you’re comfortable with the ports that will need 
to be opened on your network firewall. Finally, check regulatory 
compliance requirements before considering an SaaS solution for any service. 

Over the past 12 years, Active Directory (AD) has helped us 
consolidate the number of username and password combinations that 
we need to remember. Make sure that your new monitoring solution 
takes advantage of this authentication mechanism. Some monitoring 
solutions will integrate directly with AD, whereas others might 
require a third-party helper, such as Remote Authentication Dial-In 
User Service (RADIUS). Make sure that the product you choose won’t 
require you to memorize yet another username and password. 

Determining Mobile-Specific Features 

Each of the vendors listed in the Buyer’s Guide table will most likely 
be able to satisfy one or more of the aforementioned criteria for your 
particular environment. Now let’s look at the mobile-specific features 
that you might find valuable. 

If your company uses one of the more popular mobile smartphones, 
such as Apple iPhone, Google Android, or Windows Mobile, there 
might be a platform-specific application for your phone. However, if 
you’re using a less popular smartphone such as Palm or Research in 
Motion BlackBerry, your options might be limited. Another option is 
to choose a product that uses a special “mobile version” of the 
network monitoring solution’s website. This can “future proof” the 
solution, because these products usually work with any mobile browser. 
Some of these mini-websites work just as well as or better than a 
native smartphone application. 

The functionality of the smartphone application or mobile website 
can vary greatly from vendor to vendor. Some are customizable, 
whereas others are simply “status pages.” Having a customizable 
mobile application can be a very important feature if you’re 
monitoring hundreds of devices. A hundred devices won’t fit on a mobile 
screen, so take into account how the UI is laid out and if it can be 
changed to suit your requirements. 

In addition to simply monitoring whether a server or service is 
running, some of these network monitoring solutions are actually 
mini-troubleshooting tools. For example, you can acknowledge the 
alert, dive down through the UI to find the exact service that’s down, 
or connect to the server using remote-desktop or command-prompt 
functionality for further troubleshooting. 

Carefully Consider Your Options 

Monitoring the network services that your company relies on isn’t a 
new task. Using your powerful mobile device to augment this capability 
just makes sense. Carefully consider your options as you use 
the Buyer’s Guide table to evaluate each vendor. ■ 

Product 
• Applications Manager (ManageEngine) 
• Desktop Central (ManageEngine) 

Price 
• Applications Manager: $795 per year for 25 applications or servers 
• Desktop Central: $545 for 50 computers 

Do you have a custom mobile app for accessing your product? 
• Applications Manager: Custom mobile app for Apple iOS 
• Desktop Central: No 

Is there an extra charge for a mobile license or mobile app? 
• Applications Manager: No 
• Desktop Central: N/A 

Is your product accessible through a mobile version of a website? If 
yes, is such access limited by a mobile platform or mobile browser? 
• Applications Manager: Mobile browser supported on all platforms. An 
iOS version is scheduled for release in June 2012. 
• Desktop Central: Accessible through a mobile version of a website, 
with no limitations. 

What does your product monitor? 
• Applications Manager: Monitors servers (e.g., Windows, Linux, IBM 
AIX, IBM AS/400), virtual servers (e.g., VMware, Hyper-V), Amazon EC2, 
application servers (e.g., JBoss, Oracle WebLogic, IBM WebSphere, 
GlassFish), databases (e.g., SQL Server, Oracle, MySQL, Sybase, 
IBM DB2, PostgreSQL), Exchange, Memcached, SAP, Oracle 
E-Business Suite, web applications, SNMP devices, WMI, and 
JMX dashboards. 
• Desktop Central: Monitors laptops, desktops, servers, and mobile 
devices. 

How does your product monitor devices or applications? 
• Applications Manager: Uses SNMP, WMI, Secure Shell (SSH), database 
queries for databases, JMX, WebService calls for application servers, 
and vendor-specific mechanisms. 
• Desktop Central: Agent is installed in each computer. Uses Apple 
Push Notification Service for mobile devices. 

How or where is your monitoring product deployed? 
• Applications Manager: Local Windows or local Linux platform 
• Desktop Central: Local Windows platform 

What authentication mechanisms does your product support? 
• Applications Manager: Active Directory (AD) and custom 
authentication methods 
• Desktop Central: AD and local authentication 

Can new alerts be acknowledged from the mobile application? 
• Applications Manager: Yes 
• Desktop Central: No 

Can the mobile app main screen or dashboard be customized? 
• Applications Manager: Yes 
• Desktop Central: No 

Does the mobile app support adding “favorites” or 
critical servers to the main screen? 
• Applications Manager: No 
• Desktop Central: No 

What ports are required to be opened on the network firewall? 
• Applications Manager: HTTP port for the Applications Manager server 
• Desktop Central: TCP ports 8020 and 8383 

Does the mobile app include remote desktop or remote control 
functionality from the mobile device? 
• Applications Manager: No 
• Desktop Central: No 

Does the mobile app support basic troubleshooting tools such 
as ping and traceroute? 
• Applications Manager: Yes 
• Desktop Central: No 

Does the mobile app include a command or console prompt 
from the mobile device? 
• Applications Manager: No 
• Desktop Central: No 

Does the mobile app support multiple accounts or allow quick 
server switching? 
• Applications Manager: Multiple accounts 
• Desktop Central: Neither 

What indicators can be displayed with the mobile app? 
• Applications Manager: All performance metrics and availability 
• Desktop Central: System uptime report and user logon reports with 
history 


Editor’s Note: Some vendors you might expect to see in this Buyer’s Guide said they didn’t have a product 
that exactly matched the criteria or didn’t respond to our requests for information about their products. 

Product 
• IT360 (ManageEngine) 
• OpManager (ManageEngine) 

Price 
• IT360: Based on configuration 
• OpManager: $1,995 

Do you have a custom mobile app for accessing your product? 
• IT360: Custom mobile app for iOS 
• OpManager: No 

Is there an extra charge for a mobile license or mobile app? 
• IT360: No 
• OpManager: N/A 

Is your product accessible through a mobile version of a website? If 
yes, is such access limited by a mobile platform or mobile browser? 
• IT360: Mobile platform currently available only for iPad, but 
Android support is planned. 
• OpManager: Accessible through a mobile version of a website, 
with no limitations. 

What does your product monitor? 
• IT360: Monitors networks, servers, applications, and bandwidth. 
Has an IT Infrastructure Library (ITIL)-ready service management 
module for ticket and service level agreement (SLA) management. 
• OpManager: Monitors network devices, WANs, VoIP links, servers 
(e.g., Windows, Linux, Solaris, HP-UX, IBM AIX), virtual servers 
(e.g., VMware ESX, Hyper-V), and other IT infrastructure 
components. 

How does your product monitor devices or applications? 
• IT360: Uses SNMP, WMI and SSH. Is agent-based for end-user 
experience monitoring. 
• OpManager: Uses agentless and industry standard management 
protocols, including SNMP, WMI, Command-Line Interface (CLI—Telnet 
or SSH-based connectivity), VMware Vendors API, Cisco IP SLA, 
Internet Control Message Protocol (ICMP) ping, and Cisco 
Discovery Protocol (CDP) for L2 and L3 mapping. 

How or where is your monitoring product deployed? 
• IT360: Windows platform 
• OpManager: Local Windows platform and local Linux platform 
(on-premises software) 

What authentication mechanisms does your product support? 
• IT360: AD 
• OpManager: Proprietary authentication mechanism 

Can new alerts be acknowledged from the mobile application? 
• IT360: Yes 
• OpManager: Yes 

Can the mobile app main screen or dashboard be customized? 
• IT360: No 
• OpManager: No 

Does the mobile app support adding “favorites” or 
critical servers to the main screen? 
• IT360: No 
• OpManager: No 

What ports are required to be opened on the network firewall? 
• IT360: Port 8080 or 8443 (port is configurable) 
• OpManager: Web port in which the product is running 
(i.e., server-name: port-number) 

Does the mobile app include remote desktop or remote control 
functionality from the mobile device? 
• IT360: No 
• OpManager: No 

Does the mobile app support basic troubleshooting tools such 
as ping and traceroute? 
• IT360: No 
• OpManager: Yes 

Does the mobile app include a command or console prompt 
from the mobile device? 
• IT360: No 
• OpManager: No 

Does the mobile app support multiple accounts or allow quick 
server switching? 
• IT360: Neither 
• OpManager: Both 

What indicators can be displayed with the mobile app? 
• IT360: Disk, CPU, memory utilization, servers and other network 
devices, health status, and alarm status 
• OpManager: Availability, CPU, memory, disk, and traffic utilization 
metrics; port-wise traffic utilization for network devices; recent 
alarms; critical devices; and custom device groups or maps 
Product
• Password Manager Pro (ManageEngine)
• ServiceDesk Plus On-Demand (ManageEngine)

Price
• Password Manager Pro: Starts at $495 per year
• ServiceDesk Plus On-Demand: Starts at $14 per month

Do you have a custom mobile app for accessing your product?
• Password Manager Pro: No
• ServiceDesk Plus On-Demand: Custom mobile app for iOS

Is there an extra charge for a mobile license or mobile app?
• Password Manager Pro: Not applicable
• ServiceDesk Plus On-Demand: No

Is your product accessible through a mobile version of a website? If yes, is such access limited by a mobile platform or mobile browser?
• Password Manager Pro: Accessible through a mobile version of a website, with no limitations.
• ServiceDesk Plus On-Demand: Accessible through a mobile version of a website, with no limitations.

What does your product monitor?
• Password Manager Pro: Monitors access to shared passwords. Baselines passwords and monitors them for any changes in target systems.
• ServiceDesk Plus On-Demand: Monitors asset tracking for desktops (Windows and UNIX), servers (Windows and UNIX), printers, switches, routers, and other network devices.

How does your product monitor devices or applications?
• Password Manager Pro: Uses WMI, CLI over SSH, and specific APIs.
• ServiceDesk Plus On-Demand: Probe installed in customer network uses SNMP, CLI, and WMI. For desktops, can use additional option of browser plug-in collecting asset information and sending it to the application.

How or where is your monitoring product deployed?
• Password Manager Pro: Local Windows platform and local Linux platform
• ServiceDesk Plus On-Demand: Software as a Service (SaaS) hosted in U.S. data centers; probes deployed in customer networks for data collection

What authentication mechanisms does your product support?
• Password Manager Pro: AD, LDAP, Remote Authentication Dial-In User Service (RADIUS), and RSA SecurID
• ServiceDesk Plus On-Demand: AD

Can new alerts be acknowledged from the mobile application?
• Password Manager Pro: No
• ServiceDesk Plus On-Demand: No

Can the mobile app main screen or dashboard be customized?
• Password Manager Pro: No
• ServiceDesk Plus On-Demand: No

Does the mobile app support adding “favorites” or critical servers to the main screen?
• Password Manager Pro: No
• ServiceDesk Plus On-Demand: No

What ports are required to be opened on the network firewall?
• Password Manager Pro: None
• ServiceDesk Plus On-Demand: None

Does the mobile app include remote desktop or remote control functionality from the mobile device?
• Password Manager Pro: Yes
• ServiceDesk Plus On-Demand: No

Does the mobile app support basic troubleshooting tools such as ping and traceroute?
• Password Manager Pro: No
• ServiceDesk Plus On-Demand: No

Does the mobile app include a command or console prompt from the mobile device?
• Password Manager Pro: Yes
• ServiceDesk Plus On-Demand: No

Does the mobile app support multiple accounts or allow quick server switching?
• Password Manager Pro: Neither
• ServiceDesk Plus On-Demand: Neither

What indicators can be displayed with the mobile app?
• Password Manager Pro: N/A
• ServiceDesk Plus On-Demand: Service desk application with asset tracking and management
Network Monitoring on Mobile Devices

Product
• PRTG Network Monitor (Paessler AG)
• Mobile Admin (SolarWinds)

Price
• PRTG Network Monitor: $400 for 100 sensors, $1,350 for 500 sensors, $2,230 for 1,000 sensors, $4,700 for 2,500 sensors, or $10,800 for unlimited sensors; corporate license is $32,400
• Mobile Admin: $695 per seat (unlimited mobile devices per seat)

Do you have a custom mobile app for accessing your product?
• PRTG Network Monitor: Custom mobile app for Google Android and iOS
• Mobile Admin: Custom mobile app for Android, BlackBerry, iOS, and other mobile platforms

Is there an extra charge for a mobile license or mobile app?
• PRTG Network Monitor: The Android app is free; the iOS app (iPRTG) is $11.99
• Mobile Admin: No

Is your product accessible through a mobile version of a website? If yes, is such access limited by a mobile platform or mobile browser?
• PRTG Network Monitor: Supports iOS 3.2 and later, Android 2.1 and later (including Honeycomb update), Research in Motion BlackBerry 6 and later, Windows Phone 7 and later, WebOS 1.4 and later, MeeGo, Amazon Kindle 3 and later, Firefox Mobile, and Opera Mobile 11 and later.
• Mobile Admin: The Mobile Admin server incorporates a web server that manages all client and browser communications with Mobile Admin. The web server enables Mobile Admin to be deployed without dependence or additional load on existing Microsoft IIS servers.

What does your product monitor?
• PRTG Network Monitor: Monitors bandwidth, usage, activity, uptime, SLA monitoring, network traffic and behavior analysis, Cisco routers, SQL Server servers, and native and agentless Linux monitoring.
• Mobile Admin: Integrates and monitors more than 40 IT management products, including Windows, VMware, AD, Symantec Backup Exec, and BMC Remedy.

How does your product monitor devices or applications?
• PRTG Network Monitor: Can use more than 130 sensor types, including ping, HTTP, WMI, SMTP, POP3, DNS, SNMP, NetFlow v5/v9, sFlow v5, jFlow v5, packet sniffing, sensors for monitoring virtualized environments (e.g., VMware, Hyper-V, Parallels Virtuozzo, Xen), and dedicated hardware sensors for Dell, HP, and APC devices.
• Mobile Admin: The Mobile Admin server integrates with IT management applications. The Mobile Admin Client connects to the Mobile Admin server securely through VPN, RADIUS, RSA, or BlackBerry Enterprise Server's (BES's) Mobile Data Services.

How or where is your monitoring product deployed?
• PRTG Network Monitor: Local installation on Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, and Windows XP
• Mobile Admin: Client application installed on the mobile device; Mobile Admin server deployed at the customer's site

What authentication mechanisms does your product support?
• PRTG Network Monitor: AD integration and local user accounts
• Mobile Admin: BES (BlackBerry devices), VPN (iOS and Android devices), HTTP Secure (HTTPS—iOS, Android, and BlackBerry devices), Mobile Admin Proxy, three different levels of authentication, and AD integration

Can new alerts be acknowledged from the mobile application?
• PRTG Network Monitor: Yes
• Mobile Admin: Yes

Can the mobile app main screen or dashboard be customized?
• PRTG Network Monitor: Yes
• Mobile Admin: Yes

Does the mobile app support adding “favorites” or critical servers to the main screen?
• PRTG Network Monitor: Yes
• Mobile Admin: Yes

What ports are required to be opened on the network firewall?
• PRTG Network Monitor: Web server port (in most cases, port 443 but depends on Network Address Translation—NAT)
• Mobile Admin: HTTP port 4054, HTTPS port 4055, or proxy port 4056 (port is configurable)

Does the mobile app include remote desktop or remote control functionality from the mobile device?
• PRTG Network Monitor: No
• Mobile Admin: Yes

Does the mobile app support basic troubleshooting tools such as ping and traceroute?
• PRTG Network Monitor: Yes
• Mobile Admin: Yes

Does the mobile app include a command or console prompt from the mobile device?
• PRTG Network Monitor: No
• Mobile Admin: Yes

Does the mobile app support multiple accounts or allow quick server switching?
• PRTG Network Monitor: Neither
• Mobile Admin: Multiple accounts

What indicators can be displayed with the mobile app?
• PRTG Network Monitor: Anything you can create a sensor for, including disk utilization, CPU utilization, memory utilization, server uptime, and packet loss
• Mobile Admin: 500 distinct functions (full list at http://www.roveit.com/featurespricinq)
Product
• Spiceworks Mobile (Spiceworks)
• Site24x7 (Zoho)

Price
• Spiceworks Mobile: Free
• Site24x7: Starts at $1

Do you have a custom mobile app for accessing your product?
• Spiceworks Mobile: Custom mobile app for Android and iOS
• Site24x7: Custom mobile app for Android and iOS

Is there an extra charge for a mobile license or mobile app?
• Spiceworks Mobile: No
• Site24x7: No

Is your product accessible through a mobile version of a website? If yes, is such access limited by a mobile platform or mobile browser?
• Spiceworks Mobile: Supports tablet devices that support HTML5.
• Site24x7: Accessible through a mobile version of a website, with no limitations.

What does your product monitor?
• Spiceworks Mobile: Monitors any computer connected to the network, disks, hardware, software, and more. For a complete list, go to http://community.spiceworks.com/help/Setting_Up_Monitors_And_Email_Alerts#What.
• Site24x7: Monitors websites, web applications, web pages, Windows servers, mail servers, DNS servers, FTP servers, SSL certificate validity, and network routers and switches.

How does your product monitor devices or applications?
• Spiceworks Mobile: Uses WMI, SNMP, SSH, and HTTPS. Adding an optional Windows-based agent in Spiceworks 6.
• Site24x7: Agent required only for the Windows server monitors. All other applications can be monitored from the Internet without an installed agent.

How or where is your monitoring product deployed?
• Spiceworks Mobile: Local Windows platform
• Site24x7: SaaS

What authentication mechanisms does your product support?
• Spiceworks Mobile: Built-in authentication module and AD support
• Site24x7: Form-based authentication

Can new alerts be acknowledged from the mobile application?
• Spiceworks Mobile: No
• Site24x7: Yes

Can the mobile app main screen or dashboard be customized?
• Spiceworks Mobile: No
• Site24x7: No

Does the mobile app support adding “favorites” or critical servers to the main screen?
• Spiceworks Mobile: No
• Site24x7: No

What ports are required to be opened on the network firewall?
• Spiceworks Mobile: VPN or HTTPS port 443 (port is configurable)
• Site24x7: Port 80 and port 443 for HTTP and HTTPS access

Does the mobile app include remote desktop or remote control functionality from the mobile device?
• Spiceworks Mobile: No
• Site24x7: No

Does the mobile app support basic troubleshooting tools such as ping and traceroute?
• Spiceworks Mobile: Yes
• Site24x7: No

Does the mobile app include a command or console prompt from the mobile device?
• Spiceworks Mobile: No
• Site24x7: No

Does the mobile app support multiple accounts or allow quick server switching?
• Spiceworks Mobile: Multiple accounts
• Site24x7: Neither

What indicators can be displayed with the mobile app?
• Spiceworks Mobile: Disk utilization, up/down, and network utilization
• Site24x7: Uptime, response time, disk utilization, CPU utilization, memory utilization, and SSL certificate validity
Insights from the Industry 

Carrier Bloatware: The Android Plague 

It’s time to talk about carrier bloatware on smartphones. Actually, 
it’s long past time. You know what I’m talking about: It’s all of those 
apps that come pre-loaded on your new phone when you buy it, most 
of which are trial versions or apps for subscription services that are 
offered through the carrier. I had read a little about this problem prior 
to getting my Motorola Droid Razr Maxx, and now I’ve had the displeasure 
of a firsthand experience. 

I understand the phone manufacturers’ and carriers’ desire to include 
these apps on new phones. It’s a simple way of advertising additional 
services that they offer (in the case of their own apps) or collecting a 
fee from another app publisher for that placement. It’s the same thing 
that’s been done on Microsoft and Apple desktop OSs for years. The 
problem here is that many of these smartphone apps are now being 
preinstalled in such a way that you, the end user and owner of the 
smartphone, can’t uninstall the app if you don’t want it. 

This problem primarily affects Android phones currently. Apple has 
the iPhone ecosystem locked down pretty nicely—for now—so that 
only the basic apps for usability come preinstalled on those phones. 

With Windows Phones, you’ll likely see preinstalled carrier apps; 
however, I haven’t heard of any cases in which users weren’t able to 
uninstall those apps if they chose to. And to me, that’s the crux of the 
problem growing in the Android ecosystem: taking away that choice 
from end users. I might want to use those apps, but if I don’t, I want 
them gone, and gone for good. 

So, what’s the problem with having these apps on your phone? 
The first thing people will often complain about is that they’re taking 
up storage memory, and although that’s true, I’d say that’s a minor 
problem. Most of these apps are fairly small, with sizes measured in 
kilobytes or low megabytes. Unless you’re taking tons of pictures or 
videos with your phone, or downloading apps like crazy, the gigabytes 
of storage that come on your phone are probably sufficient. A 
bigger concern to me is the background processes that these apps 
can be running, using processing power, battery life, and potentially 
data. 

For instance, on my Razr Maxx, I get a notification every day from 
the Play Store that there are updates available for apps that I’ve never 
used and have hidden (because I can’t delete them). Nonetheless, the 
Play Store checks for updates, and I have to dismiss this notification 
every day. I could turn on automatic updating for these apps to avoid 
the notification, but then they’d be using my data to download an 
update that I don’t want or need. Meanwhile, the Play Store is using 
my battery life and my processing power to tell me about these apps 
that I don’t care about, and I have no way to make it stop. If anyone 
has figured out a way to solve this problem, please let me know. 

Additionally, it was reported in a study out of North Carolina State 
University that the preinstalled apps on Android phones can lead 
to specific security vulnerabilities. Apps require specific permissions 
to access features or capabilities of the phone. What this research 
showed was that certain app combinations could “leak” permissions 
to other apps, which could then be exploited by malicious agents to 
compromise phone data and user privacy. Essentially, the researchers 
say that this security model is good, but it’s flawed in its implementation 
with some of these apps. 

When you think of the use of Android smartphones in business, 
with phones being supported by corporate IT departments, this 
problem of unauthorized apps takes on another dimension. Android 
phones have already gotten somewhat of a black eye for business use. 
It seems like Google, along with the handset makers and the carriers, 
would want to make it as easy as possible for businesses to adopt 
these phones for their end users. Instead, the inability to control what 
apps are present on the phone is another point against Android in the 
enterprise. 

As a user, what can you do about the carrier bloatware problem? 
You do have options, although nothing that’s all that great at the 
moment. Here are a few things to consider: 

• To start, go into your Manage Apps area; on the Running tab, stop 
any running process or service for these apps that you don’t use. 

• You can use the Hide feature so at least you don’t have to see 
unwanted apps. To do so, in the Apps tray, you can touch and 
hold an app icon until a menu appears; it will either give you the 
option to Uninstall or Hide (among others). 

• There have been apps available that claim to let you remove or 
freeze any unwanted apps, although I don’t have firsthand experience 
with any to recommend, and the ones I’ve researched 
all tend to have mixed results. Remember that even if you can 
remove an unwanted app, chances are good that your next system 
OS update will just reinstall it. 

• You can root your Android phone to gain complete access and 
control over the OS, and thus the ability to remove any of these 
unwanted apps. Rooting has benefits that many people highly 
recommend, but it’s not necessarily an option everyone will want 
to consider. 

Of course, you can find more information about these options on the 
Internet, including YouTube videos. 

There’s a feature to look forward to in Android 4.0, the Ice Cream 
Sandwich release. Called a “kill switch” for apps, this feature lets you 
disable any app, regardless of where it’s installed or who installed it. 
It’s not quite the same as removing unwanted apps entirely, but it’s 
a step in the right direction. Of course, my cynical side wonders if 
it’s taking carriers so long to release Ice Cream Sandwich to current- 
generation phones because they’re trying to find a way around this 
OS-level control first. 

When I started thinking about this bloatware problem, I wondered 
if the carriers might be on the road to class-action lawsuits. Because 
they’re charging us for their data, and then forcing apps on us that eat 
into that data, it seems like a perfect case for serious legal action. But 
then I saw a CNET report that says the US Supreme Court seems to 
have decided that consumers don’t have the right to file class-action 
suits against carriers because the carrier contracts say we can’t. Score 
one for big business. You can take your carrier to small claims court 
or go to arbitration instead. 

My previous smartphone, the original Droid by Motorola, didn’t 
come with unremovable bloatware when I got it just over two years 
ago, which tells me this is a recent and growing problem. I know 
iPhone owners will be laughing at this Android issue they haven’t 
had to deal with—although it could still come to iPhones one day. 
Actually, it’s a strength of the Android platform that you typically get 
many useful apps preinstalled (in addition to the junk). But if I don’t 
want to sign up for Netflix, I should be able to delete the Netflix app 
and be done with it. (Netflix is the largest of the preinstalled apps, by 
the way, coming in at over 22MB.) 

So you’ve got some really useful apps from the start. You’ve got a 
system that’s highly customizable (unlike some other mobile OSs I 
could name). But the carriers are mucking it up with junky bloatware 
and taking away much of what has made Android so successful. Do 
they care? No, I’m sure they don’t—as long as their profits keep rolling 
in. Do you care? Let me know by sending me your thoughts on 
Twitter: @bkwins. 

—B. K. Winstead 
InstantDoc ID 142702 


124 Windows IT Pro / July 2012 


Ctrl+Alt+Del 



Jason Bovberg 



Product of the Month 



Our favorite product this month comes from the reliable 
ThinkGeek site. These 30-watt Angry Birds speakers are 
perfect external speakers for your smartphone or other 
gaming device: “Just plug them in, adjust the volume 
and bass controls, rest your device on the 
included stand, then sit back and enjoy,” 
reads the press release. Each speaker in 
the set—Red Bird, Black Bird, Helmet 
Pig—is a bit different. Red Bird is compatible 
with any music player, phone, 
tablet, or gaming system. Black Bird is 
compatible with iPod, iPad, and iPhone 
only. And Helmet Pig is compatible with 
iPod and iPhone only. Of course, the 
coolest use of the Angry Birds speakers is 
to amplify the sound effects of Angry Birds. Or is that too 
meta? Find out more about these officially licensed Angry 
Birds collectibles at ThinkGeek. 
Press the ESC key to cancel saving the document. 


Cancel 


Figure 1: So, uh, not the Cancel key, huh? 



Figure 2: Um. No thanks. 


USER MOMENT OF THE MONTH 

I work at a warehouse, and I once got a call from one of our 
salespeople on the sales floor. He wasn’t the most savvy tech 
guy, but to heed a customer request to make online comparisons 
of products, he needed to access the Internet. But he couldn’t 
get online, so he gave me a call. Our Internet access is 
password-protected, so I asked him if he had the right password. 
“Yes,” he answered confidently. “I saw Tom type it in.” 
Dubious, I asked him, “Can you tell me what the password is?” 
He said, “Seven stars.” 


Send us your funny screenshots, oddball product news, 
and hilarious end-user stories. If we use your submission, 
you'll receive a Windows IT Pro Rubik's Cube. 

